Skip to content

Simple honeypot implementation for ASP.NET Core to detect bot posts

License

Notifications You must be signed in to change notification settings

usercode/AspNetCore.Honeypot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AspNetCore.Honeypot

It's a simple honeypot implementation for ASP.NET Core to detect bot posts.

License: MIT nuget

How to use it

  1. Register honeypot service.
 public void ConfigureServices(IServiceCollection services)
 {
      services.AddHoneypot();
 }
  1. Add tag helper to _ViewImports.cshtml
@addTagHelper *, AspNetCore.Honeypot
  1. Place any honeypot tag to a form with a custom name (e.g. "name", "email" or "city") and use your css class to hide it.
<honeypot-field name="email" class="hide" />
<honeypot-field name="name" class="hide" />
<honeypot-field name="city" class="hide" />
  1. Place one time-based honeypot tag.
<honeypot-time />
  1. Bot detection handling

4.1 Place the honeypot attribute to your action method for automatic bot detection handling.

  [Honeypot]
  [HttpPost]
  public async Task<IActionResult> PostRegister(RegisterViewModel registerData)
  {
      //..
  }

4.2 Use the extension method to handle bot detection by yourself.

  [HttpPost]
  public async Task<IActionResult> PostRegister(RegisterViewModel registerData)
  {
      if (await HttpContext.IsHoneypotTriggeredAsync())
      {
          ModelState.Clear();
          ModelState.AddModelError("", "bot detection");

          //log

          return View("Register", new RegisterViewModel());
      }
  }