Fleximex
commented
7 years ago reCAPTCHA makes use of its own [ValidateRecaptcha] (that you put above a method and should check the captcha) which I didn't manage to get working. It seems like no one has written tutorials yet for Razor Pages. All tutorials assume you have controllers, while with .net core 2.0 and using Razor Pages you can basically use PageModels instead of controllers.
I'll share my code.
This is a method you put in the PageModel of the page you want to use your Captcha on which will verify your the Captcha with the Google servers:
private async Task<CaptchaVerification> VerifyCaptcha()
{
string userIP = string.Empty;
var ipAddress = Request.HttpContext.Connection.RemoteIpAddress;
if (ipAddress != null) userIP = ipAddress.MapToIPv4().ToString();
var captchaResponse = Request.Form["g-recaptcha-response"];
var payload = string.Format("&secret={0}&remoteip={1}&response={2}",
"YOUR_PRIVATE_KEY",
userIP,
captchaResponse
);
var client = new HttpClient();
client.BaseAddress = new Uri("https://www.google.com");
var request = new HttpRequestMessage(HttpMethod.Post, "/recaptcha/api/siteverify");
request.Content = new StringContent(payload, Encoding.UTF8, "application/x-www-form-urlencoded");
var response = await client.SendAsync(request);
return JsonConvert.DeserializeObject<CaptchaVerification>(response.Content.ReadAsStringAsync().Result);
}Replace YOUR_PRIVATE_KEY with the private key you got from Google.
JsonConvert.DeserializeObject<CaptchaVerification> uses a custom class called CaptchaVerification which you also need. It can either be a separate class or a class inside your PageModel.
This class essentially is the response from Google in which you encapsulate the response:
public class CaptchaVerification
{
public CaptchaVerification()
{
}
[JsonProperty("success")]
public bool Success { get; set; }
[JsonProperty("error-codes")]
public IList Errors { get; set; }
}Now in the POST or GET method in your PageModel you can call VerifyCaptcha() like this:
var resultCaptcha = await VerifyCaptcha();
And then you use an if statement to check if the Captcha was successful or not. You can use the boolean Succes defined in the class CaptchaVerification. So for example if you want to have a Captcha on the page where you register an user on your website. You check the Captcha before you check the ModelState (a.k.a. the form input the user entered to register a user):
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
ReturnUrl = returnUrl;
//Verify the Captcha
var resultCaptcha = await VerifyCaptcha();
//Captcha was not a succes
if (!resultCaptcha.Success)
{
ModelState.AddModelError("", "Captcha is not valid");
//Return to the register page
return Page();
}
//Captcha was succesful now check the other user input (like username and password)
if (ModelState.IsValid)
{
var user = new ApplicationUser { UserName = Input.Username, Email = Input.Email };
var resultCreateUser = await _userManager.CreateAsync(user, Input.Password);
if (resultCreateUser.Succeeded)
{
_logger.LogInformation("User created a new account with password.");
await _signInManager.SignInAsync(user, isPersistent: false);
//User input is wrong return to the page
return LocalRedirect(Url.GetLocalUrl(returnUrl));
}
foreach (var error in resultCreateUser.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
}
//User input is wrong return to the page
return Page();
}And on the page itself you put this in a form:
<div class="form-group">
<div class="g-recaptcha" data-sitekey="YOUR_PUBLIC_KEY"></div>
</div>Replace YOUR_PUBLIC_KEY with the public key you got from Google.
Also make sure you add 'localhost' to the Google Captcha admin page as one of the Domains so that the Captcha works when testing on your local PC.
I hope this helps. If you have any questions let me know.
alexhopeoconnor
drew-fierst
First, thanks for your contribution.
Is there support for .NET Core 2.0 Razor Pages? Is an example implementation available?