Home/ Questions/Q 6818001
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T21:07:24+00:00

I recently came across Remote Validation in asp.net mvc . Really helpful feature but

  • 0

I recently came across Remote Validation in asp.net mvc. Really helpful feature but doesn’t adding something like this to a registration form, say to check for username or email, open up a security hole? Couldn’t someone use this to mine information from the site? Captca would be an obvious solution to this problem, but has anyone been able to integrate it with the [Remote] validation?

public class CreateUserModel : EditUserModel {
    [Required]
    [StringLength(6, MinimumLength = 3)]
    [Remote("IsUID_Available", "Validation")]
    [RegularExpression(@"(\S)+", ErrorMessage = "White space is not allowed.")]
    [Editable(true)]
    public override string UserName { get; set; }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could use a Captcha if you want. For example with Google’s ReCaptcha you could install the microsoft-web-helpers NuGet, sign up for a ReCaptcha account in order to obtain your private/public key pairs and then simply modify your view model so that when you perform the remote call the 2 additional fields are included:

    public class CreateUserModel : EditUserModel 
{
    [Required]
    [StringLength(6, MinimumLength = 3)]
    [Remote("IsUID_Available", "Validation", AdditionalFields = "recaptcha_response_field,recaptcha_challenge_field", HttpMethod = "POST")]
    [RegularExpression(@"(\S)+", ErrorMessage = "White space is not allowed.")]
    [Editable(true)]
    public override string UserName { get; set; }
}

    and in the view:

    @using Microsoft.Web.Helpers
@model CreateUserModel
@{
    ReCaptcha.PublicKey = "... public key obtained from Google ...";
}

<script src="@Url.Content("~/Scripts/jquery.validate.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.js")" type="text/javascript"></script>

@using (Html.BeginForm())
{
    @Html.EditorFor(x => x.UserName)
    @Html.ValidationMessageFor(x => x.UserName)
    @ReCaptcha.GetHtml(theme: "red")
    <button type="submit">OK</button>
}

    and in the controller:

    [HttpPost]
public ActionResult IsUID_Available(string username)
{
    if (!ReCaptcha.Validate(privateKey: "... private key obtained from Google ..."))
    {
        return Json("sorry, please enter a correct Captcha first");
    }

    // TODO: the user entered a correct Captcha => you can proceed
    // into usrname existence verification:
    bool userExists = _repository.UserExists(username);
    return Json(userExists);
}
    • 0