bitarmory / recaptcha Goto Github PK

First of all, thanks a lot for this library.
I have a question regarding the reCaptcha v3 WebForms example.
We can see in the Default.aspx page that a hidden button is used and not the ASP.NET's JavaScript __doPostBack() method.
Is there any specific reason?
Thanks

Context

Google.com domains are generally blocked in china, but its easy to use recaptcha globally like google recommends here: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally

Alternatives

No

Has the feature been requested before?

No

If the feature request is approved, would you be willing to submit a PR?

Yes

I’m implementing the version 2 over the Identity scaffolding login (ASP.NET MVC Core), so when I input an incorrect password the page reloads and doesn’t load the ReCaptcha again.

Then submit and i get the form like this

Hope you can help me about this

Version Information

What's the problem?

Unable to cast object of type 'System.Web.Security.FormsIdentity' to type 'XXX.Library.CustomIdentity'
I am using custom forms authentication and regularly cast the Identity like this: (MyCustomIdentity)Csla.ApplicationContext.User.Identity).UserID);

Immediately after calling "var result = await captchaApi.Verify3Async(token, clientIp, secret);" all sessions are broken and cannot cast to MyCustomIdentity. Once this line is called every existing and new session breaks. Even if the user logs off and back on again the CustomIdentity never works as expected and the website needs to be restarted from IIS Manager.

This work perfectly fine in local IIS. I also have a few other websites using CSLA and this same nuget package and the others seem to work ok. I just can't work out what could cause the issue.

Would anyone have experience with something like this?

I'm trying to get the sample code working for a .NET Framework 4.x form. Certain functions are available only for .NET Core. The code below are possible modifications for .NET 4.x:

`

private string GetIpAddress ()
{
	string userip = Request.UserHostAddress;

	if (Request.UserHostAddress != null)
	{
		Int64 macinfo = new Int64 ();
		string macSrc = macinfo.ToString ("X");

		if (macSrc == "0")
		{
			if (userip == "127.0.0.1")
				Response.Write ("visited Localhost!");
		}
	}

	return userip;
}

private bool ValidateRecaptcha ()
{
	bool validateResult = true;

	//1. Get the client IP address in your chosen web framework
	//string clientIp = this.HttpContext.Connection.RemoteIpAddress.ToString ();
	// .RemoteIpAddress function not in .NET 4.x, so use GetIpAddress() function.
	string clientIp = GetIpAddress ();
	string token = null;
	string secret = "";

	//2. Extract the `#captcha` field from the hidden HTML form in your chosen web framework
	// .TryGetValue function is not in .NET 4.x. Should we use this.Request.Form["captcha"] instead?
	if (this.Request.Form.TryGetValue ("captcha", out var formField))
	{
		token = formField;
	}

	//3. Validate the reCAPTCHA with Google
	var captchaApi = new ReCaptchaService ();
	//var result = await captchaApi.Verify3Async (token, clientIp, secret);
	// Is it necessary to use await?
	var result = captchaApi.Verify3Async (token, clientIp, secret);

	// result.IsSuccess/.Action/.Score not available in .NET 4.x.
	// BadRequestResult () result not available, but this could just be validateResult=false.
	if (!result.IsSuccess || result.Action != "SOME_ACTION" || result.Score < 0.5)
	{
		// The POST is not valid
		return new BadRequestResult ();
		// validateResult = false;
	}
	else
	{
		//continue processing, everything is okay!
	}

	return validateResult;
}

`

Both lines have nameof(siteSecret) instead of nameof(clientToken).

That's quite misleading