FormShield started out as a simple project with just one aim - to prevent automated form submission using dynamically generated images.
Not exactly a new idea - dynamically generated images requiring the user to enter the text found on the image have been around for quite a while (see http://www.captcha.net/), preventing automated sign-ups to free e-mail services such as HotMail and Yahoo, and automated whois lookups on domain names on sites such as Network Solutions.
Whilst some code exists on Code Project (http://www.codeproject.com/aspnet/CaptchaImage.asp), there didn't however seem to be a free, easy-to-use and customisable control for ASP.NET with full designer integration that could generate the relevant images. So, looking for an excuse to delve into GDI+, FormShield was born and my idea of a 'simple' control was dropped...
- Generates BMP, GIF, JPEG, PNG or TIFF images.
- Choose the pixel format and smoothing mode used to render the image.
- Set the height, width and alignment of the image as well as the alternate text displayed.
- Image is built using 3 layers - Background, foreground and noise.
- Provides 6 fill styles, 4 gradient styles, 53 hatch styles and 2 colors for each layer.
- Set the length and case (lower, mixed or upper) of the automatically generated text.
- Choose the type of characters you want to use to generate the text (alpha, numeric, symbols or a combination).
- Choose the fonts you want to use to draw the text as well as the font style (4 combinable styles, 16 in total).
- Pick a text effect (5 combinable effects, 23 in total) and decrease the noise level to decrease readability.
- Draw a border on the image using one of 5 styles and your choice of color.
- Randomise the fill style, gradient style, hatch style, font style, text case, text style, text effect and border style.
- 6 Presets included; Default, Fire, Forest, Sand, Sea, ChessBoard.
- Supports 3 persistent methods; ViewState, SessionState or FormField (hidden input field) - ideal if ViewState and/or SessionState isn't available to persist property values on postback.
- Values stored using any of the persistent methods are automatically encrypted for additional security.
- Image is rendered on demand (either inline or using an Image Provider), and not saved as a file.
- Encrypts the querystring to prevent deciphering by reading the HTML source.
- Works with existing ASP.NET validation controls as well as StringCompareValidator.
- Can be used on standalone WebForms as well as UserControls.
- Supports .Text Blogging Engine (no compile needed) to prevent spam on blogs.
- Full Visual Studio .NET designer integration, including optional rendering whilst in design mode.
Visual Studio .NET Design Time Notes:
- To get the image to appear when you first drag 'n' drop FormShield to your page, save the file and then click 'Refresh' from the 'View' menu or visit the page in a Web browser. If that doesn't work, build the project and try again.
- On occasion the image doesn't reflect property changes made within the property grid. This seems to be either an issue with Visual Studio, or caching. The easiest way to solve the problem (if it happens in the first place) is to save the file and then click 'Refresh' from the 'View' menu.
Simply download, add to your toolbox, drag 'n' drop to your page and set the relevant properties using the property grid.
To combine with a validation control (e.g. StringCompareValidator), add the validation control as well as a textbox to your page, set the StringCompareValidators 'ControlToCompare' property to point to the textbox control and the 'ControlToValidate' property to point to the FormShield control.
To use an Image Provider to decrease rendering times, create a new page and set it to inherit from dotNetFreak.WebControls.FormShieldImageProvider. Then update the ImageProviderUrl property to point to the new page.
Licensing & Download:
Free for both personal and commercial use, however please consider donating!
You may also redistribute the control royalty free, providing that you don't charge for it. Also, if you intend to distribute the control as part of an application which is publicly available it would be nice to know, although this isn't a requirement.
Got a good image design? Drop me a line using the contact link and I'll look to include it as a preset.
To download, please visit the 'Downloads' area.
Help & Support:
Please post in the forum.
Integrating with the .Text Blogging Engine:
A quick guide by Davide Mauri on integrating FormShield with .Text to prevent spam on your blog is also available in the downloads area.
Updated 13/07/2007 (v2.0.0):
Click here for details.
Updated 28/06/2005 (v1.1.2):
A new method has been added (DrawNewText) which will force FormShield to redraw the image with a new text value. This can be used on postback to change the text that appears on the image if the user enters an incorrect value.
Thanks to Amrinder Sandhu for suggesting this.
Updated 01/06/2005 (v1.1.1):
The encrypted properties value that is passed in the query string is now UrlEncoded to prevent issues with ISAPI filters mis-interpreting it. This should also mean that ValidateRequest="false" is no longer required to be in the Page directive.
Thanks to Mario Vargas for suggesting this.
Updated 18/05/2005 (v1.1.0):
- New PersistenceMethod property - Allows you to use either ViewState, SessionState or a hidden input field (FormField) to persist property values. Ideal for use when ViewState and/or SessionState isn't available.
- .Text Blogging Engine compatible - Stop spammers from hijacking your blog - No compile needed!
- Values stored in ViewState, SessionState or in a hidden input field (FormField) are now encrypted.
- Only required property values are now persisted, reducing the amount of data stored.
- Encryption keys strengthened - control name no longer used for improved security.
- Missing text value and other problems when used on UserControls - Fixed.
- Random FontStyle, GradientStyle, HatchStyle, TextCase and TextStyle were still throwing exceptions under certain conditions - Fixed - Thanks to David Waters for pointing this out.
Thanks to Davide Mauri for making me ensure FormShield worked properly with .Text :-) and also for writing the guide on how to impliment it (see above).
Updated 06/01/2005 (v1.0.2):
Random FontStyles on occasion would thrown an exception - Fixed.
Updated 22/11/2004 (v1.0.1):
On occasion when using a random FontStyle, GradientStyle, HatchStyle or TextCase an exception would be thrown e.g. 'ArgumentException: Requested value Random was not found.'
This has now been fixed - Thanks to Minh Tran for pointing this out.