Skip to content

ali-rashtbari/NotBot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
NotBot
NotBot
 
 
SampleCaptchaService
SampleCaptchaService
 
 
.gitignore
.gitignore
 
 
GitVersion.yml
GitVersion.yml
 
 
README.md
README.md
 
 

Repository files navigation

NotBot

NotBot is a lightweight and secure CAPTCHA generation and verification library for ASP.NET Core.
It uses digital signatures (HMAC-SHA256) and client fingerprinting (IP + User-Agent) to ensure the CAPTCHA cannot be reused or tampered with.

Features

  • Generate image-based CAPTCHAs with customizable character length
  • Validate CAPTCHAs with secure HMAC signatures
  • Bind CAPTCHA to a specific client using fingerprinting (IP + User-Agent)
  • Expiration time for each CAPTCHA
  • Built-in middlewares for extracting CAPTCHA tokens and client fingerprints
  • Works on both Linux and Windows

Requirements

  • Default fonts are: Arial, Verdana, Times New Roman.
  • If you want to run your application on Linux, make sure Liberation Sans is installed first.

Usage

1. Register the Service

using NotBot;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddNotBot(options =>
{
    options.CharactersCount = 6; // Number of CAPTCHA characters
    options.CaptchaCodeExpirationSeconds = 120; // Expiration time in seconds
    options.SecretKey = "A_Strong_Key_For_HMAC"; // Secret key for signing
});

2. Add Middlewares

var app = builder.Build();

app.UseClientSignatureExtractor();
app.UseCaptchaTokenExtractor();

app.MapControllers();

app.Run();

3. Generate a CAPTCHA

Call the BuildCaptcha method from your implementation of INotBotService to generate the CAPTCHA image and token.

You can expose it through your own API endpoint, or integrate it into an existing endpoint.
For example, you might create an endpoint like /captcha/build that returns the image along with the token in the response headers.

4. Verify a CAPTCHA

public class SampleService(INotBotService notBotService)

    public async Task<ResultData> DoSomething(RequestData request, CancellationToken cancellationToken = default)
    {

        ...
        ...
        ...

        if (!RequestScope.CaptchaToken.HasValue())
        {
            throw new CaptchaTokenIsRequiredException();
        }

        var isValid = notBotService.VerifyCaptcha(new VerifyCaptchaDto(request.Captcha, NotBotRequestScope.CaptchaToken));
        if (!isValid)
        {
            throw new InvalidCaptchaException();
        }

        ...
        ...
        ...
    }
}

Best Practices

  • Always use a strong, random SecretKey for signing.
  • Serve the CAPTCHA image over HTTPS.
  • Never expose the generated code to the client; only send the signed token.

About

NotBot - Captcha Generator API for ASP.NET Core

Topics

dotnet-core asp-net-core nuget-package webapi-core captcha-with-letters

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages