Implement universal web captcha graphical verification code Javascript script API Service (Javascript script dynamic page reference)

I always wanted to make a general JavaScript web API graphic Verification Code Service
This encapsulation is more common than making it an ASP. NET Server webcontrol. It provides the "Web graphic verification code" service for any consumption pages (HTM, JSP, PHP, ASP, and aspx ).
The following are some key notes:
1. captchaplaceholder. aspx is a javascript page whose contenttype is text/X-JavaScript, which is directly referenced by JavaScript SRC on the "Consumption page ".
On the consumption page, you can use the querystring parameter to customize the request "graphic Verification Code". The main parameters are described as follows:
Id = the ID of the XXX graphic verification code. Multiple "graphic verification codes" can be referenced on one page. Program Allocate
L = 4 number of letters in the graphic verification code length
W = 140 width of the graphic Verification Code
H = 40 height of the graphic Verification Code
Callback = _ 0hi1 javascipt callback function name, "graphic Verification Code Service" generates a verification code by calling this callback function to notify the "Consumer page" of the ciphertext of the Verification Code
Sign = sha1 or MD5 Signature Method. When the "graphic Verification Code Service" notifies the "Consumer page" of the ciphertext of the verification code, you can also provide the RSA sha1 or RSA MD5 Signature to the "Consumer page" based on this parameter,
The RSA private key signature used by the "graphic Verification Code Service" signature, and the RSA public key used for signature verification on the "Consumer page" and "pre-obtained" and "graphic Verification Code Service"
RSA = "Consumer page" requires "graphic Verification Code Service" the "Public Key" used for RSA encryption. If this parameter is null, "graphic Verification Code Service" uses the tripledes encryption method and uses
"Consumer page": encrypts the pre-defined public shared key and IV and calls back the notification "Consumer page"
Refresh = Refresh "Consumer page" specifies the name of the JavaScript function for "Refresh verification code", which is implemented by "graphic Verification Code Service" for "Consumer page"
2. After the "graphic Verification Code Service" generates the verification code, the callback "Consumption page" parameters are described as follows:
Id pre-allocated on the clientid consumption page
Encryptmode encryption method: 3DES or RSA
Encryptdata ciphertext data in hexstring format
Rsasignature RSA signature data in hexstring format
3. After the "graphic verification code" is generated by the "graphic Verification Code Service" and encrypted together with the generated "timestamp", the "Consumer page" is notified through the callback function ",
On the "Consumer page", you can save the ciphertext verification code to the hidden domain of the form, and submit the plaintext Verification Code recognized and filled by the user to your background, use the pre-obtained shared 3DES key or provide RSA to the "graphic verification code"
The "Private Key" corresponding to the "Public Key" of the service is decrypted to verify whether the timestamp times out and whether the plaintext verification code entered by the user is consistent with the decrypted verification code, you can also use the RSA public key provided by the "graphic Verification Code Service" and "pre,
And the MD5 or sha1 verification method specified when a request is sent to generate a verification code, to help the "Consumer page" server program verify that the verification code is issued by the "graphic verification code service, anti-tampering, anti-fraud, anti-Spying
4. program list:
Captchaplaceholder. aspx graphic Verification Code javascript API Service Page
Captchaplaceholder. aspx. CS
Captchagenerator. aspx
Captchagenerator. aspx. CS
CAPTCHA. aspx
CAPTCHA. aspx. CS
Web. config
Sample.html consumption page
The following describes the technical implementation details and benefits.
1. Without using cookies, you can load multiple "graphic verification codes" on the same consumption page without interfering with each other, and provide the verification code service across domain names.
2. Do not use session and other "server-side session state persistence" technology, use the "client session state persistence (querystring)" technology, and use the "encryption technology" to transmit parameter data. Therefore, Server Load balancer is supported.
3. To provide services for any page, the JavaScript scripts generated by the graphic Verification Code Service cannot conflict with the parent page, and supports IE, Firefox, and chrome
Use guid to generate related elementid, functionname, and variables
4. Use the dynamically generated script element to submit data across domains, refresh the page locally, delete the last generated dynamic script element before the next refresh, and generate a new dynamic script element to submit data and communicate with the server.
5. Use encryption technology to encrypt the original data with the timestamp to prevent expired replay.
6. because the requested "querystring" data needs to be used to generate scripts, that is, output to the page, it is necessary to prevent cross-site scripting attacks caused by Javascript script injection XSS attack, the main method is to request the user
Javascript encode encoding (antixss. javascriptencode) is output. In addition, input validation can be performed to detect suspicious input, ignore it, and output
7. The graphic verification code prevents Automatic Identification by machines and finds some ready-made codes from the Internet. Code After some modifications, CAPTCHA's graphic verification code is still relatively difficult.
(1). Painting Noise
(2) Draw noise lines
(3) automatically calculate the appropriate fontsize Based on the image size, and draw a string at the right position using a random progressive color brush.
(4). distorted images

Effect

 

 

Complete code for implementing the universal WEB graphic Verification Code Javascript script API Service (Javascript script dynamic page reference)
Http://www.cnblogs.com/Microshaoft/archive/2008/12/14/1354741.html