Clearscreen HIP Control v1.4 for ASP.NET

by Miguel Jimenez

CONTENTS

  1. Disclaimer
  2. Overview
  3. Features and Requirements
  4. Installation on running websites
  5. Installation tips for .Text users
  6. Installation tips for Community Server 1.0 users
  7. Installation on Visual Studio .NET
  8. Install Sample Website
  9. Important Notes to Users of Previous Versions
  10. Version History

1. DISCLAIMER

THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE LICENSOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

2. OVERVIEW

HIP stands for Human Interaction Proof and provides a mechanism that allows any developer to control bot submissions to their webforms. This technique has been used for some time by Yahoo, Hotmail and others to avoid the creation of fake email accounts. This kind of human proof is also known as CAPTCHA.

Most web developers have experienced in some way the effects of unwanted subscriptions or submissions to their applications. One of the most recent forms of this kind of spam is blog comment spam, which is sent through a form on a web page.

Now, with Clearscreen HIP Control this is over.

3. FEATURES & REQUIREMENTS

Clearscreen HIP Control v1.4 provides a simple, easy-to-use ASP.NET control that creates a random HIP code rendered into an image; the user must type that code in order to submit the form to the server.

The image is generated on the server, and the code is never sent to the browser in any form other than the image. An easy integration pattern allows this control to stop any form submission without having to re-code or modify any of your compiled ASP.NET pages or applications.

The images are never saved to disk and are always sent directly to the client browser. The HIP codes are generated completely at random, so there is no way to spoof them.
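
The server-side pattern described above (code created on the server, delivered only as an image, checked on postback), as an added C# example that is not the control's own code. HipChallengeStore and its methods are hypothetical names, and a dictionary stands in for ASP.NET session state.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Illustrative only: HipChallengeStore is a hypothetical class, not part of Clearscreen.SharpHIP.
public sealed class HipChallengeStore
{
    // Look-alike glyphs (0/O, 1/I/L) are left out so a human can read the rendered image.
    private const string Alphabet = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";

    // Stand-in for per-visitor ASP.NET Session state: session id -> expected code.
    private readonly Dictionary<string, string> _pending = new Dictionary<string, string>();
    private readonly object _lock = new object();

    // Create a code with a CSPRNG and keep it server-side; only its image leaves the server.
    public string Issue(string sessionId, int codeLength)
    {
        var chars = new char[codeLength];
        using (var rng = RandomNumberGenerator.Create())
        {
            var one = new byte[1];
            for (int i = 0; i < codeLength; )
            {
                rng.GetBytes(one);
                // Rejection sampling: discard bytes that would bias the modulo.
                if (one[0] >= 256 - (256 % Alphabet.Length)) continue;
                chars[i++] = Alphabet[one[0] % Alphabet.Length];
            }
        }
        var code = new string(chars);
        lock (_lock) { _pending[sessionId] = code; }
        return code; // the caller draws this into the image stream, never into the HTML
    }

    // One attempt per issued code: the entry is removed whether or not the answer matches,
    // so a captured answer cannot be replayed and a wrong guess forces a new image.
    public bool Validate(string sessionId, string submitted)
    {
        string expected;
        lock (_lock)
        {
            if (!_pending.TryGetValue(sessionId, out expected)) return false;
            _pending.Remove(sessionId);
        }
        return submitted != null &&
               string.Equals(expected, submitted.Trim(), StringComparison.OrdinalIgnoreCase);
    }
}
```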

This control requires:

4. INSTALLATION ON RUNNING WEBSITES

The installation process is really easy and involves neither coding nor recompilation. Follow these steps to install the control in your form:

  1. Please back up any modified file before proceeding.
  2. Copy the Clearscreen.SharpHIP.dll file to the bin folder of your ASP.NET application.
  3. Now you have to include the HIP Control in your webform to protect it from unwanted submissions. Locate the .ASPX or .ASCX file that you want to protect and edit it with Notepad or another text editor. Add a reference to the Clearscreen HIP Control at the beginning of the file with the following code:

         <%@ Register TagPrefix="cc1" Namespace="Clearscreen.SharpHIP" Assembly="Clearscreen.SharpHIP" %>

     Finally, place the control where you want it to render when users see the page over the web. Add the following code to that location:

         <cc1:HIPControl id="HIPControl1" runat="server" />

     And save the file.
  4. You are done! Test your page and see if everything renders correctly.

5. INSTALLATION TIPS FOR .TEXT USERS

DotText is a blog engine developed with ASP.NET that is the original target of this HIP Control.

  1. Follow all steps listed in section 3.
  2. If your DotText engine has more than one skin installed, you will have to repeat step 3 in section 3 for every PostComments.ascx custom control in every skin you have installed.
  3. This component will not affect any other custom-developed component that you have compiled or installed in your DotText engine. It's totally transparent to them.

If you are currently logged into your .Text website, set TrustAuthenticatedUsers="False" to debug; otherwise you will not see the control!

In case you have any trouble or want to customize the appearance of the control for your .Text installation, add the control to an empty webform in Visual Studio .NET and customize it through the properties. Once finished, copy the generated HTML code for that control to your .Text page as described in step 2 of the previous section.

6. INSTALLATION TIPS FOR COMMUNITY SERVER 1.0 USERS

Community Server is the new version of the .Text blogging engine, with extra new functionality such as forums and galleries.

  1. Follow all steps listed in section 3.
  2. If your DotText engine has more than one skin installed, you will have to repeat step 3 in section 3 for every Skin-CommentForm.ascx custom control in every skin you have installed.
  3. This component will not affect any other custom-developed component that you have compiled or installed in your Community Server engine. It's totally transparent to them.

VERY IMPORTANT: Enable the JavascriptURLDetection property by setting it to TRUE. The default value is FALSE, but it should be TRUE for CS:1.0 users.

7. INSTALLATION ON VISUAL STUDIO .NET

The control can also be installed in your Visual Studio .NET Toolbox and used in projects currently in development.

  1. Add it to your toolbox as you would add any other control.
  2. Drag it to the webform you want to protect.

If you are using the control in your own applications, have a look at the Sample Site included with this release.

8. INSTALL SAMPLE WEBSITE

To install the sample website, just include the folder in your IIS as a virtual directory.

The website project is created as a Class Library but compiled as a web site, so it should work correctly on IIS.

9. IMPORTANT NOTES TO USERS OF PREVIOUS VERSIONS

In this version the HTTPHandler "HIPGenerator.aspx" has been removed from the control, and there is no class that can host that handler. I've implemented a better and cleaner way to generate the images that solves some issues.

If you were using a previous version of the control in your production or development environments, you'll have to remove the HttpHandler that you added to your web.config file.

10. VERSION HISTORY

Version 1.4.1921.36128: 05-April-2005

Bug Fixed: Enabled deletion of comments in .Text versions for logged admins
Bug Fixed: Use of IsValid property is now working correctly
Bug Fixed: Session and ViewState values for ValidationForm were mistyped in the code and were not working correctly.
New features added:

Version 1.3.1858.1511: 01-February-2005

Bug Fixed: In some cases the control asked to save a file in situations where it shouldn't be loaded. This was caused by the HTTPHandler. This method of generation for the image has been removed.
Bug Fixed: Fixed a typo in the CodeLength property that caused errors for some users
New features added:

Version 1.2.1780.27480: 15-November-2004

Bug Fixed: Only working when ViewState Enabled.
Added: Three forms of code validation with Forms, Viewstate and Session

Version 1.1.1775.1212: 10-November-2004

New features added:

Version 1.0.1767.34783: 02-November-2004