I will show you how to implement Password Recovery control with CAPTCHA included and how to handle the background processing.
Introduction
Recently I have found a problem in implementing PasswordRecovery which is provided by ASP.Net. But the problem I faced using this control is hackers can use this to find out the valid usernames from assumptions.
Objective
I want to implement CAPTCHA along with the PasswordRecovery and also to avoid hackers to get the valid username, I am passing the same message back from server to the client machine in case of success or failure.
Using the code
Implement the PasswordRecovery
Download the free CAPTCHA control from
http://www.mondor.org/captcha.aspx
Instead of using default SuccessTemplate I have use a Div with id and runat server attribute . This is to show same message in failure or success.
Now I have handled the Captcha errors in the code-behind.Now trying the functionality.
Case 1: Enter wrong username with wrong Captcha letters
Case 2: Enter wrong username with correct Captcha letters
Case 3: Enter correct username with correct Captcha letters
Conclusion
This is a quick and easiest way to implement CAPTCHA in ASP.NET applications.
Thanks for looking in to my solution.