Ixnas.AltchaNet
0.1.3
dotnet add package Ixnas.AltchaNet --version 0.1.3
NuGet\Install-Package Ixnas.AltchaNet -Version 0.1.3
<PackageReference Include="Ixnas.AltchaNet" Version="0.1.3" />
paket add Ixnas.AltchaNet --version 0.1.3
#r "nuget: Ixnas.AltchaNet, 0.1.3"
// Install Ixnas.AltchaNet as a Cake Addin
#addin nuget:?package=Ixnas.AltchaNet&version=0.1.3
// Install Ixnas.AltchaNet as a Cake Tool
#tool nuget:?package=Ixnas.AltchaNet&version=0.1.3
Altcha.NET
Server-side implementation of the ALTCHA challenge in C#.
Features
- Compatible with the ALTCHA client-side widget
- Independent from ASP.NET (Core)
- Replay attack prevention by denying previously verified challenges
- Expiring challenges
Installation
This library is available on NuGet, so you can add it to your project as follows:
dotnet add package Ixnas.AltchaNet
Set up
The entrypoint of this library contains a service builder. This builder configures the service that is used to create ALTCHA challenges and validate their responses. The most basic configuration looks like this:
var altchaService = Altcha.CreateServiceBuilder()
.UseSha256(key)
.UseStore(store)
.Build();
Here is a description of the different configuration options.
| Method | Description |
|---|---|
UseStore(IAltchaChallengeStore store) |
(Required) Configures a store to use for previously verified ALTCHA responses. Used to prevent replay attacks. |
UseSha256(byte[] key) |
(Required) Configures the SHA-256 algorithm for hashing and signing. Currently the only supported algorithm. |
SetComplexity(int min, int max) |
(Optional) Overrides the default complexity to tweak the amount of computational effort a client has to put in. See https://altcha.org/docs/complexity/ for more information (default 50000, 100000). |
SetExpiryInSeconds(int expiryInSeconds) |
(Optional) Overrides the default time it takes for a challenge to expire (default 120). |
UseInMemoryStore() |
Configures a simple in-memory store for previously verified ALTCHA responses. Should only be used for testing purposes. |
Build() |
Returns a new configured service instance. |
Key
The library requires a key to sign and verify ALTCHA challenges. You can use a random number generator from .NET to create one for you:
var key = new byte[64];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(key);
}
Store
The library requires a store implementation to store previously verified challenge responses.
You can use anything persistent, like a database or a file.
As long as it implements the IAltchaChallengeStore interface, it will work.
You can use expiryUtc to periodically remove expired challenges from your store.
For example, the bundled in-memory store looks similar to this:
public class InMemoryStore : IAltchaChallengeStore
{
private class StoredChallenge
{
public string Challenge { get; set; }
public DateTimeOffset ExpiryUtc { get; set; }
}
private readonly List<StoredChallenge> _stored = new List<StoredChallenge>();
public Task Store(string challenge, DateTimeOffset expiryUtc)
{
var challengeToStore = new StoredChallenge
{
Challenge = challenge,
ExpiryUtc = expiryUtc
};
_stored.Add(challengeToStore);
return Task.CompletedTask;
}
public Task<bool> Exists(string challenge)
{
_stored.RemoveAll(storedChallenge => storedChallenge.ExpiryUtc <= DateTimeOffset.UtcNow);
var exists = _stored.Exists(storedChallenge => storedChallenge.Challenge == challenge);
return Task.FromResult(exists);
}
}
Usage
Generate challenge
To generate a challenge:
var challenge = altchaService.Generate();
The challenge object can be serialized to JSON for the client to use.
Read ALTCHA's documentation on how to use such a
JSON object.
Validate response
To validate a response:
var validationResult = await altchaService.Validate(altchaBase64);
if (!validationResult.IsValid)
/* ... */
The altchaBase64 parameter represents the raw value from the altcha field in a submitted form, so you don't need to
convert anything.
You can run and examine the AspNetCoreExample project as a minimal example.
License
See LICENSE.txt
See LICENSE-ALTCHA.txt for ALTCHA's original license.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
| .NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
| .NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen40 was computed. tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.0
- System.Text.Json (>= 4.6.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.