How to prevent automatic change of captcha in BotDetect captcha?

Question

I have implemented the botdetect captcha in my asp.net application. But whenever the postback occours in the page the captcha changes. How can i prevent it from changing.

Asax page:

<botDetect:Captcha ID="bdCaptcha" runat="server" />

.CS Page:

protected void Page_PreRender(object sender, EventArgs e)
        {
            if (!Page.IsPostBack)
            {
                bdCaptcha.UserInputClientID = txtCaptchaInput.ClientID;
            }
        }

How can i achieve this.

Answer 1

You can't. I'll write bellow you why not (1), and what I believe you should do (2):

(1) BotDetect Captcha allows only one validation attempt per Captcha code for security purposes.

If we allowed multiple retries on solving the same Captcha, it would significantly lower the Captcha security, since bots could just brute-force different code values until they eventually got it right. Also, it would be much easier to write a bot which used OCR techniques to bypass the Captcha: if, for example, it could recognize two out of the five digits in the image, it would just have to brute-force the remaining three.

So a failed validation attempt (whether on the client- or server-side) always invalidates the current Captcha code. Successful server-side validations also remove the code (so we prevent cases where somebody solves just one Captcha and then keeps reusing it for multiple submissions).

(2) I guess the origin of your issue is dealing with validation that failed on another (non-captcha) field of your webform. In such scenario you would like to avoid torturing your visitor with solving Captcha twice.

We completely agree with this, but solution is not to change Captcha behavior, but to remove Captcha completely once it is solved. Here is where you can find more details: http://captcha.com/doc/aspnet/faq/captcha-validation-security-faq.html#validation-repeat

Hope this helps.

Mario, Captcha Inc.