NotBot 1.0.1

There is a newer version of this package available.
See the version list below for details.

dotnet add package NotBot --version 1.0.1

NuGet\Install-Package NotBot -Version 1.0.1

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="NotBot" Version="1.0.1" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="NotBot" Version="1.0.1" />
                    

                            Directory.Packages.props

<PackageReference Include="NotBot" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add NotBot --version 1.0.1

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: NotBot, 1.0.1"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package NotBot@1.0.1

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=NotBot&version=1.0.1
                    

                            Install as a Cake Addin

#tool nuget:?package=NotBot&version=1.0.1
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

README.md

# NotBot

**NotBot** is a lightweight and secure CAPTCHA generation and verification library for ASP.NET Core.  
It uses digital signatures (HMAC-SHA256) and client fingerprinting (IP + User-Agent) to ensure the CAPTCHA cannot be reused or tampered with.

---

## Features

- Generate image-based CAPTCHAs with customizable character length
- Validate CAPTCHAs with secure HMAC signatures
- Bind CAPTCHA to a specific client using fingerprinting (IP + User-Agent)
- Expiration time for each CAPTCHA
- Built-in middlewares for extracting CAPTCHA tokens and client fingerprints
- Works on both Linux and Windows

---

## Installation

```bash
dotnet add package NotBot

Usage

1. Register the Service

using NotBot;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddNotBot(options =>
{
    options.CharactersCount = 6; // Number of CAPTCHA characters
    options.CaptchaCodeExpirationSeconds = 120; // Expiration time in seconds
    options.SecretKey = "A_Strong_Key_For_HMAC"; // Secret key for signing
});

2. Add Middlewares

var app = builder.Build();

app.UseClientSignatureExtractor();
app.UseCaptchaTokenExtractor();

app.MapControllers();

app.Run();

3. Generate a CAPTCHA

Call the BuildCaptcha method from your implementation of INotBotService to generate the CAPTCHA image and token.

You can expose it through your own API endpoint, or integrate it into an existing endpoint.
For example, you might create an endpoint like /captcha/build that returns the image along with the token in the response headers.

4. Verify a CAPTCHA

public class SampleService(INotBotService notBotService)

    public async Task<ResultData> DoSomething(RequestData request, CancellationToken cancellationToken = default)
    {

        ...
        ...
        ...

        if (!RequestScope.CaptchaToken.HasValue())
        {
            throw new CaptchaTokenIsRequiredException();
        }

        var isValid = notBotService.VerifyCaptcha(new VerifyCaptchaDto(request.Captcha, NotBotRequestScope.CaptchaToken));
        if (!isValid)
        {
            throw new InvalidCaptchaException();
        }

        ...
        ...
        ...
    }
}

Best Practices

Always use a strong, random SecretKey for signing.
Serve the CAPTCHA image over HTTPS.
Never expose the generated code to the client; only send the signed token.

Product	Compatible and additional computed target framework versions.
.NET	net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net9.0
- Microsoft.AspNetCore.Mvc.Core (>= 2.3.0)
- Microsoft.Extensions.Configuration (>= 9.0.7)
- Microsoft.Extensions.Configuration.Abstractions (>= 9.0.7)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 9.0.7)
- Microsoft.Extensions.Options (>= 9.0.7)
- SixLabors.ImageSharp (>= 3.1.11)
- SixLaborsCaptcha.Core (>= 1.0.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
2.3.0	354	11/30/2025
1.0.4	352	11/30/2025
1.0.3	201	9/7/2025
1.0.2	205	8/13/2025
1.0.1	189	8/13/2025
1.0.0	188	8/12/2025

Version 1.0.0 - 2025-08-12
Added secure CAPTCHA generation and verification using HMAC-SHA256 signatures.

Implemented client fingerprinting with IP and User-Agent for enhanced security.

Provided middleware components for extracting CAPTCHA tokens and client signatures.

Improved CAPTCHA image generation with configurable character count and expiration time.

Added support for both Linux and Windows platforms.

Fixed minor bugs and improved overall stability.