Adding an "anti-robot" enhancement to CreateUserWizard

Posted 2024-12-28 06:25:46

I want to add an "anti-robot" question to the CreateUserWizard as a more accessible alternative to a Captcha control. I'm fairly new to asp and finding that I'm a bit stuck in a WinForms mindset. However, I have come up with something that appears to work.

Markup:

    <asp:CreateUserWizard ID="CreateUserWizard1" runat="server">
    .
    .
    <tr>
      <td align="right">
        <asp:Label ID="AntiRobotQuestion" runat="server" AssociatedControlID="AntiRobotAnswer">
          Question:
        </asp:Label>
      </td>
      <td>
        <asp:TextBox ID="AntiRobotAnswer" runat="server"></asp:TextBox>
        <asp:RequiredFieldValidator ID="AntiRobotAnswerRequired" runat="server" ControlToValidate="AntiRobotAnswer" ErrorMessage="Answer is required." ToolTip="Answer is required." ValidationGroup="CreateUserWizard1">
        </asp:RequiredFieldValidator>
      </td>
    </tr>
    <tr>
      <td align="center" colspan="2" style="color:Red;">
        <asp:Literal ID="CustomErrorMessage" runat="server" Visible="False" EnableViewState="False"></asp:Literal>
      </td>
    </tr>
    .
    .
    </asp:CreateUserWizard>

Code behind:

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack) {
            //Set up the Anti-Robot Question and Answer
            Label robotQuestion = (Label)CreateUserWizard1.CreateUserStep.ContentTemplateContainer.FindControl("AntiRobotQuestion");
            //Simulate randomly selecting a question and answer from a database table...
            robotQuestion.Text = "What is the capital of France";
            Session["AntiRobotAnswer"] = "Paris";
        }
    }

    protected void CreateUserWizard1_CreatingUser(object sender, LoginCancelEventArgs e)
    {
        //Check the anti-robot Q & A
        TextBox robotAnswer = (TextBox)CreateUserWizard1.CreateUserStep.ContentTemplateContainer.FindControl("AntiRobotAnswer");
        if (robotAnswer.Text != (string)Session["AntiRobotAnswer"])
        {
            Literal errorMessage = (Literal)CreateUserWizard1.CreateUserStep.ContentTemplateContainer.FindControl("CustomErrorMessage");
            errorMessage.Text = "Wrong answer! Are you a robot?";
            errorMessage.Visible = true;
            e.Cancel = true;
        }
    }

Is this an acceptable way to code this? Two things in particular look a bit "untidy" to me:

  1. The use of FindControl to pull out references to controls in the markup.
  2. Storing the expected answer in a session variable. (How secure is it?)

EDIT (2012-01-23)
Some valid design alternatives have been given. However, I have a valid reason to use this question and answer technique (possibly in addition to the honeypot idea). For example, a question relevant to the subject of a forum can help to prevent human spammers as well as bots. The question is: is the code outlined above an acceptable way to do this? Coming from a WinForms background, it looks a bit clunky to me - but maybe that's what asp is supposed to look like.


Comments (1)

那支青花 2025-01-04 06:25:46

As I say, I do not like the idea of you asking for Paris.

  1. The simplest way is to use a non-visible field and see if a bot fills it with data, the honeypot idea: http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx

  2. Also, you can use the NoBot from the ASP.NET toolkit:
    http://www.asp.net/ajaxLibrary/AjaxControlToolkitSampleSite/NoBot/NoBot.aspx

  3. There are many other ideas in this SO article: Practical non-image based CAPTCHA approaches?
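
An added example (not code from the question or the answer) that combines the honeypot field suggested in the answer with the question's session-held answer check. The page class name `Register`, the `StepControl` helper, the `Website` honeypot TextBox and the `CreatedUser` wiring are assumptions.

```csharp
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Register : Page   // hypothetical page class name
{
    // Hypothetical helper: typed lookup inside the CreateUserStep template.
    private T StepControl<T>(string id) where T : Control
    {
        return (T)CreateUserWizard1.CreateUserStep.ContentTemplateContainer.FindControl(id);
    }

    protected void CreateUserWizard1_CreatingUser(object sender, LoginCancelEventArgs e)
    {
        // Honeypot: "Website" is an assumed extra TextBox hidden with CSS.
        // It must stay Visible="true" on the server, otherwise it is never
        // rendered and a bot has nothing to fill in.
        TextBox honeypot = StepControl<TextBox>("Website");
        if (honeypot != null && honeypot.Text.Length > 0)
        {
            e.Cancel = true;            // reject quietly, give the bot no hint
            return;
        }

        // Session state is held on the server; the browser only carries the
        // session identifier. The value is null when the session has expired
        // or no question was issued for this session.
        string expected = Session["AntiRobotAnswer"] as string;
        string given = StepControl<TextBox>("AntiRobotAnswer").Text.Trim();

        if (expected == null ||
            !string.Equals(given, expected, StringComparison.OrdinalIgnoreCase))
        {
            Literal errorMessage = StepControl<Literal>("CustomErrorMessage");
            errorMessage.Text = "Wrong answer! Are you a robot?";
            errorMessage.Visible = true;
            e.Cancel = true;
        }
    }

    // Assumed to be wired up with OnCreatedUser on the wizard. Dropping the
    // answer once the account exists stops one solved question from being
    // replayed for further registrations in the same session.
    protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
    {
        Session.Remove("AntiRobotAnswer");
    }
}
```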
