AjaxControlToolkit NoBotState is always InvalidBadResponse

Question

I am trying to implement AjaxControlToolkit NoBot but I always get false from IsValid() method (the state value is always InvalidBadResponse). Am I missing something here?

ASCX code:

// buttons, textboxes etc.
<asp:NoBot ID="NoBot1" 
           runat="server"             
           CutoffMaximumInstances="5" 
           CutoffWindowSeconds="60" 
           ResponseMinimumDelaySeconds="2"
           />

Code behind:

protected void Button1_Click(object sender, EventArgs e)
{
    AjaxControlToolkit.NoBotState state;

    if (!NoBot1.IsValid(out state))
    {
        Page page = HttpContext.Current.Handler as Page;
        ScriptManager.RegisterStartupScript(page, page.GetType(), "err_msg", "alert('" + " BOT " + "');", true);
    }
     else
    { ...}
}

Far more weird is this: I enter data for login and click on asp button. NoBot state is InvalidBadResponse and it fails. But, then I click on browser's refresh button it asks me to resend request I say ok and now state is valid! Why?

Answer 1

The only reason I know of that you'll get an "InvalidBadResponse" from the NoBot control is if you have javascript disabled in your browser. The documentation page states that one of the techniques used by NoBot is

Forcing the client's browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the DOM for added assurance that a browser is involved)

An "InvalidBadRespone" message means that the javascript did not get executed (also from the link above):

InvalidBadResponse: An invalid response was provided to the challenge suggesting the challenge script was not run

I would double check your browser settings. I've tested this by disabling javascript in my browser (just to make sure) and trying the example on the documentation page.

You can customize the calculation using the OnGenerateChallengeAndResponse attribute to specify an Event Handler. I good example of implementing one such event handler is this (code credit to this post):

protected void PageNoBot_GenerateChallengeAndResponse(object sender, AjaxControlToolkit.NoBotEventArgs e)
{
    Random r = new
    Random();

    int iFirst = r.Next(100);

    int iSecond = r.Next(100);
    e.ChallengeScript = String.Format("eval('{0}+{1}')", iFirst, iSecond);
    e.RequiredResponse = Convert.ToString(iFirst + iSecond);  
}

Answer 2

Please refer this

http://www.asp.net/ajaxlibrary/AjaxControlToolkitSampleSite/NoBot/NoBot.aspx

http://www.asp.net/ajaxlibrary/HOW%20TO%20Use%20the%20NoBot%20Control.ashx