Altcha.Net 1.1.0

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. .NET Standard 2.0 This package targets .NET Standard 2.0. The package is compatible with this framework or higher. .NET Framework 4.8 This package targets .NET Framework 4.8. The package is compatible with this framework or higher. 
dotnet add package Altcha.Net --version 1.1.0
                    


                    

                
NuGet\Install-Package Altcha.Net -Version 1.1.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Altcha.Net" Version="1.1.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Altcha.Net" Version="1.1.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Altcha.Net" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Altcha.Net --version 1.1.0
                    


                    

                
#r "nuget: Altcha.Net, 1.1.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Altcha.Net@1.1.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Altcha.Net&version=1.1.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Altcha.Net&version=1.1.0
                    


                            Install as a Cake Tool

Altcha.Net

NuGet Build License

Altcha.Net est une librairie .NET open-source communautaire et non officielle pour utiliser ALTCHA en mode proof-of-work auto-heberge.

Elle ne depend pas d'ALTCHA Sentinel, n'appelle aucune API ALTCHA externe et vise les applications modernes comme les sites legacy ASP.NET Framework 4.8.

Altcha.Net fournit un captcha proof-of-work simple. Ce n'est pas une solution anti-spam ou anti-bot complete.

Install

dotnet add package Altcha.Net

Package ASP.NET Core optionnel:

dotnet add package Altcha.Net.AspNetCore

La cible .NET Framework 4.8 n'ajoute pas System.Text.Json ni Microsoft.Bcl.AsyncInterfaces. La cible .NET Standard 2.0 reference System.Text.Json sur la ligne 8.0.x (8.0.6); .NET 10 utilise le framework partage.

ASP.NET Core quick start

using Altcha.Net;
using Altcha.Net.AspNetCore;

builder.Services.AddAltcha(options =>
{
    options.SecretKey = builder.Configuration["Altcha:SecretKey"]!;
    options.ChallengeExpiry = TimeSpan.FromMinutes(2);
    options.AllowedClockSkew = TimeSpan.FromSeconds(10);
    options.Complexity = new AltchaComplexity(50000, 100000);
});

app.MapAltchaChallenge("/altcha/challenge");

Pour utiliser un cache partage:

builder.Services.AddDistributedMemoryCache();
builder.Services.AddAltcha(builder.Configuration.GetSection("Altcha"));
builder.Services.AddDistributedAltchaReplayStore();

Mode atomique strict (recommande en multi-instance) avec un backend qui supporte une operation de type SET key value NX EX:

builder.Services.AddStackExchangeRedisCache(options =>
{
    options.Configuration = builder.Configuration.GetConnectionString("Redis");
});

builder.Services.AddSingleton<IAtomicAltchaReplayStore, RedisAtomicAltchaReplayStore>();
builder.Services.AddAltcha(builder.Configuration.GetSection("Altcha"));
builder.Services.AddDistributedAltchaReplayStore(DistributedAltchaReplayStoreMode.StrictAtomic);

DistributedCacheAltchaReplayStore utilise IDistributedCache. Cette abstraction ne garantit pas une insertion atomique pour tous les providers.

Endpoint hardening

L'endpoint challenge peut etre durci avec des conventions optionnelles:

using Altcha.Net;
using Altcha.Net.AspNetCore;
using Microsoft.AspNetCore.RateLimiting;
using System.Threading.RateLimiting;

builder.Services.AddAltcha(builder.Configuration.GetSection("Altcha"));
builder.Services.AddRateLimiter(options =>
{
    options.AddFixedWindowLimiter("altcha-challenge", limiter =>
    {
        limiter.PermitLimit = 30;
        limiter.Window = TimeSpan.FromMinutes(1);
        limiter.QueueLimit = 0;
    });
});

var app = builder.Build();

app.UseRateLimiter();

app.MapAltchaChallenge("/altcha/challenge", security =>
{
    security.RateLimitingPolicyName = "altcha-challenge";
    security.AllowedHosts = ["example.com", "www.example.com"];
    // Cache-Control: no-store est active par defaut.
});

Exemple Minimal API pour valider un formulaire:

app.MapPost("/contact", async (HttpRequest request, AltchaService altchaService, CancellationToken ct) =>
{
    var form = await request.ReadFormAsync(ct);
    var result = altchaService.ValidateResponse(form["altcha"]);

    if (!result.IsValid)
    {
        return Results.BadRequest(new { error = result.Error.ToString() });
    }

    return Results.Ok();
});

Exemple minimal sans rate limiter (seulement Cache-Control: no-store):

app.MapAltchaChallenge("/altcha/challenge");

ASP.NET Framework 4.8 quick start

using Altcha.Net;

var service = new AltchaService(new AltchaOptions
{
    SecretKey = Environment.GetEnvironmentVariable("ALTCHA_SECRET")!,
    ChallengeExpiry = TimeSpan.FromMinutes(2),
    AllowedClockSkew = TimeSpan.FromSeconds(10),
    Complexity = new AltchaComplexity(50000, 100000)
}, new MemoryAltchaReplayStore());

Endpoint challenge MVC:

public ActionResult Challenge()
{
    return Content(AltchaProvider.Service.GenerateChallenge().ToJson(), "application/json");
}

Validation POST:

var result = AltchaProvider.Service.ValidateResponse(Request.Form["altcha"]);
if (!result.IsValid)
{
    ModelState.AddModelError("", "Validation ALTCHA invalide.");
    return View(model);
}

Des exemples sont disponibles dans:

  • examples/Altcha.Net.Examples.AspNetMvc.CSharp
  • examples/Altcha.Net.Examples.AspNetWebForms.VbNet
  • examples/Altcha.Net.Examples.AspNetCore.MinimalApi

Widget HTML

Hebergez le script du widget ALTCHA dans votre application, puis pointez challenge vers votre endpoint local.

<script async defer src="/scripts/altcha.min.js" type="module"></script>

<form method="post" action="/Contact/Submit">
  <input name="email" type="email" required>
  <textarea name="message" required></textarea>
  <altcha-widget challenge="/altcha/challenge"></altcha-widget>
  <button type="submit">Envoyer</button>
</form>

Le widget poste un champ de formulaire altcha contenant un JSON encode en Base64.

Configuration

  • SecretKey: cle HMAC serveur. Ne jamais l'exposer au navigateur.
  • ChallengeExpiry: duree de validite courte, par defaut 2 minutes.
  • Complexity: plage du nombre proof-of-work, par defaut 50000..100000.
  • AllowedClockSkew: marge de tolerance inter-noeuds pour l'expiration, par defaut 10 secondes (recommande entre 5 et 30 secondes avec NTP actif).
  • IAltchaReplayStore: store anti-replay.
  • Algorithm: seul SHA-256 est supporte actuellement.

Production notes

  • Stocker SecretKey dans un secret manager ou une variable d'environnement.
  • Servir le site en HTTPS.
  • Garder une expiration courte.
  • Synchroniser les horloges serveurs via NTP (chrony/systemd-timesyncd/Windows Time) pour limiter le skew.
  • Ne pas logger les payloads ALTCHA complets ni la cle secrete.
  • Utiliser un store partage en multi-instance.
  • Eviter MemoryAltchaReplayStore en production multi-serveur.
  • AddDistributedAltchaReplayStore(DistributedAltchaReplayStoreMode.BestEffort) utilise IDistributedCache en fallback best effort: anti-replay non strictement atomique.
  • AddDistributedAltchaReplayStore(DistributedAltchaReplayStoreMode.StrictAtomic) exige IAtomicAltchaReplayStore et garantit un "insert-if-absent" atomique entre workers (ex: Redis SET ... NX EX).

Known limitations

  • Pas d'integration ALTCHA Sentinel.
  • Pas de spam filter API ALTCHA.
  • Proof-of-work uniquement.
  • SHA-256 uniquement.
  • Pas de Redis integre.
  • IDistributedCache ne fournit pas toujours une atomicite stricte.

Not affiliated with ALTCHA

Altcha.Net est une implementation communautaire non officielle. Ce projet n'est pas affilie, approuve ou sponsorise par ALTCHA.

Build, Test, Pack

dotnet restore Altcha.Net.sln
dotnet build Altcha.Net.sln --configuration Release
dotnet test Altcha.Net.sln --configuration Release
dotnet pack src/Altcha.Net/Altcha.Net.csproj --configuration Release --output artifacts
dotnet pack src/Altcha.Net.AspNetCore/Altcha.Net.AspNetCore.csproj --configuration Release --output artifacts

References

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 is compatible.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • .NETFramework 4.8

    • No dependencies.

  • .NETStandard 2.0

  • net10.0

    • No dependencies.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Altcha.Net:

Package Downloads
Altcha.Net.AspNetCore

Optional ASP.NET Core integration helpers for Altcha.Net.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.0 114 5/22/2026
1.0.0 96 5/6/2026