NotBot 1.0.3

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package NotBot --version 1.0.3
                    


                    

                
NuGet\Install-Package NotBot -Version 1.0.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="NotBot" Version="1.0.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="NotBot" Version="1.0.3" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="NotBot" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add NotBot --version 1.0.3
                    


                    

                
#r "nuget: NotBot, 1.0.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package NotBot@1.0.3
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=NotBot&version=1.0.3
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=NotBot&version=1.0.3
                    


                            Install as a Cake Tool

NotBot

NotBot is a lightweight and secure CAPTCHA generation and verification library for ASP.NET Core.
It uses digital signatures (HMAC-SHA256) and client fingerprinting (IP + User-Agent) to ensure the CAPTCHA cannot be reused or tampered with.

Features

  • Generate image-based CAPTCHAs with customizable character length
  • Validate CAPTCHAs with secure HMAC signatures
  • Bind CAPTCHA to a specific client using fingerprinting (IP + User-Agent)
  • Expiration time for each CAPTCHA
  • Built-in middlewares for extracting CAPTCHA tokens and client fingerprints
  • Works on both Linux and Windows

Requirements

  • Default fonts are: Arial, Verdana, Times New Roman.
  • If you want to run your application on Linux, make sure Liberation Sans is installed first.

Usage

1. Register the Service

using NotBot;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddNotBot(options =>
{
    options.CharactersCount = 6; // Number of CAPTCHA characters
    options.CaptchaCodeExpirationSeconds = 120; // Expiration time in seconds
    options.SecretKey = "A_Strong_Key_For_HMAC"; // Secret key for signing
});

2. Add Middlewares

var app = builder.Build();

app.UseClientSignatureExtractor();
app.UseCaptchaTokenExtractor();

app.MapControllers();

app.Run();

3. Generate a CAPTCHA

Call the BuildCaptcha method from your implementation of INotBotService to generate the CAPTCHA image and token.

You can expose it through your own API endpoint, or integrate it into an existing endpoint.
For example, you might create an endpoint like /captcha/build that returns the image along with the token in the response headers.

4. Verify a CAPTCHA

public class SampleService(INotBotService notBotService)

    public async Task<ResultData> DoSomething(RequestData request, CancellationToken cancellationToken = default)
    {

        ...
        ...
        ...

        if (!RequestScope.CaptchaToken.HasValue())
        {
            throw new CaptchaTokenIsRequiredException();
        }

        var isValid = notBotService.VerifyCaptcha(new VerifyCaptchaDto(request.Captcha, NotBotRequestScope.CaptchaToken));
        if (!isValid)
        {
            throw new InvalidCaptchaException();
        }

        ...
        ...
        ...
    }
}

Best Practices

  • Always use a strong, random SecretKey for signing.
  • Serve the CAPTCHA image over HTTPS.
  • Never expose the generated code to the client; only send the signed token.
Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.3.0 354 11/30/2025
1.0.4 352 11/30/2025
1.0.3 201 9/7/2025
1.0.2 205 8/13/2025
1.0.1 189 8/13/2025
1.0.0 188 8/12/2025

Version 1.0.0 - 2025-08-12
Added secure CAPTCHA generation and verification using HMAC-SHA256 signatures.

Implemented client fingerprinting with IP and User-Agent for enhanced security.

Provided middleware components for extracting CAPTCHA tokens and client signatures.

Improved CAPTCHA image generation with configurable character count and expiration time.

Added support for both Linux and Windows platforms.

Fixed minor bugs and improved overall stability.