It's a simple honeypot implementation for ASP.NET Core to detect bot posts.
- Register honeypot service.
public void ConfigureServices(IServiceCollection services)
{
services.AddHoneypot();
}
- Add tag helper to _ViewImports.cshtml
@addTagHelper *, AspNetCore.Honeypot
- Place any honeypot tag to a form with a custom name (e.g. "name", "email" or "city") and use your css class to hide it.
<honeypot-field name="email" class="hide" />
<honeypot-field name="name" class="hide" />
<honeypot-field name="city" class="hide" />
- Place one time-based honeypot tag.
<honeypot-time />
- Bot detection handling
4.1 Place the honeypot attribute to your action method for automatic bot detection handling.
[Honeypot]
[HttpPost]
public async Task<IActionResult> PostRegister(RegisterViewModel registerData)
{
//..
}
4.2 Use the extension method to handle bot detection by yourself.
[HttpPost]
public async Task<IActionResult> PostRegister(RegisterViewModel registerData)
{
if (await HttpContext.IsHoneypotTriggeredAsync())
{
ModelState.Clear();
ModelState.AddModelError("", "bot detection");
//log
return View("Register", new RegisterViewModel());
}
}