The first step to implement reCaptcha is to sign up, provide a list of domains and obtain the Site Key and Secret Key. The site key is used to display the widget on the web page while the secret key is used to validate the response with Google's servers.
<div> containing the site key as a
data-sitekey attribute has to be added in the <body> tag as a placeholder wherever the reCaptcha needs to be displayed.
When the user solves the reCaptcha, a new field (g-recaptcha-response) will be added in the HTML. This can be retrieved as a
g-recaptcha-response POST parameter when the user submits the form and used to validate against Google's servers. The api details are as follows:
- Url: https://www.google.com/recaptcha/api/siteverify
- Method: POST
- Post Parameters:
|secret||Required. The shared key between your site and reCAPTCHA.|
|response||Required. The user's response token (g-recaptcha-response) provided by reCAPTCHA used to verify the user on your site.|
|remoteip||Optional. The user's IP address.|
Verifying User's Response in the Controller
When the form is submitted, the reCaptcha verification is done by posting the secret, g-captcha-response and optionally the caller's ip to Google's siteverify api.
The captcha's reponse retrieval is made easier by using asp.net's model binding features and adding a property to the model class. Alternatively, it can be retrieved from form variables as follows:
The example project and source code is available from my github repo.