The effectiveness of Captchas in preventing spam cannot be overemphasized. They are especially useful for blogs, login forms, registration forms, etc.

Google's reCaptcha is very popular and quite easy to integrate into ASP.NET applications. To get more information about Google's reCaptcha, check out

To use this, you register your account and application, and you get a public and private key with which you perform validations. The site also has useful information on how to integrate the readily available plugin into your site in less than 10 minutes.

The issue is that the plugin requires FULL trust to run, which is not always available, especially if your web application is hosted on a shared server. You will get errors like:

 System.Security.SecurityException: That assembly does not allow partially trusted callers.

To get around this, you can implement the control manually like this:


If an error occurs, the Google results array will contain another entry for the error reason. Also, the site states that in the future, multiple array entries might be returned.

Based on the boolean value returned by the function listed below, you can go ahead and authorize whatever action you need, like creating a user, approving a blog comment, etc.


1) Place the following in the markup of your aspx page (for me this was in my content area because I was using master pages). Substitute in your public key or you will get an error from Google. As a best practice, you should load this from your web.config.


    <%-- Start manual Recaptcha implementation --%>
    <script type="text/javascript">
        var RecaptchaOptions = {
            theme: 'clean'
        };
    </script>
    <script type="text/javascript"
        src=" KEY HERE">
    </script>
    <noscript>
        <iframe src=" KEY HERE" height="300" width="500" frameborder="0"></iframe>
        <br>
        <textarea name="recaptcha_challenge_field" rows="3" cols="40"
            id="recaptcha_challenge_field" runat="server"></textarea>
        <input type="hidden" name="recaptcha_response_field" value="manual_challenge"
            runat="server" id="recaptcha_response_field" />
    </noscript>
    <%-- End manual Recaptcha implementation --%>

2) In your code behind, add the following function:

    // Requires: using System; using System.IO; using System.Net; using System.Text;
    #region Manual captcha verification
    public static bool ValidateCaptchaResultManually(string privateKey, string ip, string challenge, string response)
    {
        // The verification URL is blank in this listing; WebRequest.Create needs the full address.
        HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create("");
        webRequest.Method = "POST";
        webRequest.ContentType = "application/x-www-form-urlencoded";

        // URL-encode every value so characters such as '&' or '=' in user-supplied
        // fields cannot change the structure of the POST body.
        string parameters = string.Format("privatekey={0}&remoteip={1}&challenge={2}&response={3}",
            Uri.EscapeDataString(privateKey),
            Uri.EscapeDataString(ip),
            Uri.EscapeDataString(challenge ?? string.Empty),
            Uri.EscapeDataString(response ?? string.Empty));
        byte[] byteArray = Encoding.UTF8.GetBytes(parameters);
        webRequest.ContentLength = byteArray.Length;

        using (Stream dataStream = webRequest.GetRequestStream())
        {
            dataStream.Write(byteArray, 0, byteArray.Length);
        }

        using (HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse())
        {
            if (webResponse.StatusCode.Equals(HttpStatusCode.OK))
            {
                using (StreamReader reader = new StreamReader(webResponse.GetResponseStream()))
                {
                    // The first entry is "true" or "false"; a further entry carries the error reason.
                    string[] googleResults = reader.ReadToEnd().Split("\n".ToCharArray());
                    if (googleResults[0].Equals("true"))
                    {
                        return true;
                    }
                }
            }
        }
        return false;
    }
    #endregion
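
The post notes that the results array gains an extra entry for the error reason and may grow in the future. The following is an added example, not code from the original post, showing one way to parse the response body that `ValidateCaptchaResultManually` reads so that the reason is kept and anything unexpected is treated as a failure. The `CaptchaVerdict` class, the `empty-response` label and the sample bodies are assumptions made for illustration.

```csharp
using System;

// Added example, not from the original post.
public sealed class CaptchaVerdict
{
    public bool Passed { get; private set; }
    public string ErrorReason { get; private set; }  // null when no reason was sent

    // body: the newline-separated text returned by the verify request.
    public static CaptchaVerdict Parse(string body)
    {
        CaptchaVerdict verdict = new CaptchaVerdict();
        if (string.IsNullOrEmpty(body))
        {
            verdict.ErrorReason = "empty-response";  // hypothetical local label, not a Google code
            return verdict;
        }

        // Tolerate CRLF and any extra trailing entries the service may add later.
        string[] lines = body.Replace("\r", "").Split('\n');

        // Fail closed: only an exact first line of "true" passes.
        verdict.Passed = lines[0] == "true";
        if (!verdict.Passed && lines.Length > 1 && lines[1].Length > 0)
        {
            verdict.ErrorReason = lines[1];
        }
        return verdict;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample bodies, not captured from the live service.
        string[] samples = { "true", "true\nextra\nentries", "false\nincorrect-captcha-sol",
                             "false\r\nsample-reason", "TRUE", "" };
        foreach (string body in samples)
        {
            CaptchaVerdict v = CaptchaVerdict.Parse(body);
            Console.WriteLine("{0,-32} passed={1} reason={2}",
                body.Replace("\r", "\\r").Replace("\n", "\\n"), v.Passed, v.ErrorReason ?? "(none)");
        }
    }
}
```

Authorize the action only when `Passed` is true, and record `ErrorReason` in server-side logs rather than echoing it to the visitor.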