Altcha.Net 1.0.0

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. .NET Standard 2.0 This package targets .NET Standard 2.0. The package is compatible with this framework or higher. .NET Framework 4.8 This package targets .NET Framework 4.8. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Altcha.Net --version 1.0.0
                    


                    

                
NuGet\Install-Package Altcha.Net -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Altcha.Net" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Altcha.Net" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Altcha.Net" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Altcha.Net --version 1.0.0
                    


                    

                
#r "nuget: Altcha.Net, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Altcha.Net@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Altcha.Net&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Altcha.Net&version=1.0.0
                    


                            Install as a Cake Tool

Altcha.Net

Altcha.Net est une librairie .NET open-source communautaire et non officielle pour utiliser ALTCHA en mode proof-of-work auto-heberge. Elle ne depend pas d'ALTCHA Sentinel, n'appelle aucune API ALTCHA externe et vise les applications modernes comme les sites legacy ASP.NET Framework 4.8.

Le MVP implemente le format proof-of-work SHA-256 historique d'ALTCHA et vise la compatibilite avec le widget ALTCHA en mode legacy PoW v1. La compatibilite navigateur reelle doit encore etre confirmee sur des integrations applicatives completes.

Cas d'usage

  • Site ASP.NET Framework 4.8 legacy.
  • Site VB.NET MVC ou WebForms.
  • Site ASP.NET MVC C#.
  • Site ASP.NET Core avec integration manuelle simple.
  • Captcha leger sans serveur Sentinel.

Alpha status

Cette version est destinee a une publication alpha NuGet.

  • API publique encore susceptible d'ajustements limites avant stabilisation.
  • Compatibilite legacy SHA-256 couverte par tests unitaires et test protocole local.
  • Compatibilite navigateur/widget a valider sur de vrais formulaires avant usage production.
  • Anti-replay memoire adapte a une instance unique uniquement.

Installation

dotnet add package Altcha.Net

Quick Start C#

using Altcha.Net;

var store = new MemoryAltchaReplayStore();

var service = new AltchaService(new AltchaOptions
{
    SecretKey = Environment.GetEnvironmentVariable("ALTCHA_SECRET")!,
    ChallengeExpiry = TimeSpan.FromMinutes(2),
    Complexity = new AltchaComplexity(50000, 100000)
}, store);

AltchaChallenge challenge = service.GenerateChallenge();

string altchaFormValue = Request.Form["altcha"];
AltchaValidationResult result = service.ValidateResponse(altchaFormValue);

if (!result.IsValid)
{
    // Rejeter le POST et afficher une erreur utilisateur.
}

Pour un endpoint challenge, renvoyez directement le JSON du challenge :

public ActionResult Challenge()
{
    return Content(AltchaProvider.Service.GenerateChallenge().ToJson(), "application/json");
}

Widget HTML

Hebergez le script du widget ALTCHA dans votre application, puis pointez challenge vers votre endpoint local.

<script async defer src="/scripts/altcha.min.js" type="module"></script>

<form method="post" action="/Contact/Submit">
  <input name="email" type="email" required>
  <textarea name="message" required></textarea>

  <altcha-widget challenge="/altcha/challenge"></altcha-widget>

  <button type="submit">Envoyer</button>
</form>

Le widget poste ensuite un champ de formulaire altcha contenant un JSON encode en Base64.

ASP.NET Framework 4.8 / VB.NET

Exemple WebForms VB.NET avec un handler .ashx pour le challenge.

Imports Altcha.Net

Public NotInheritable Class AltchaProvider
    Public Shared ReadOnly Service As New AltchaService(
        New AltchaOptions With {
            .SecretKey = Environment.GetEnvironmentVariable("ALTCHA_SECRET"),
            .ChallengeExpiry = TimeSpan.FromMinutes(2),
            .Complexity = New AltchaComplexity(50000, 100000)
        },
        New MemoryAltchaReplayStore())
End Class

Imports System.Web

Public Class AltchaChallengeHandler
    Implements IHttpHandler

    Public Sub ProcessRequest(context As HttpContext) Implements IHttpHandler.ProcessRequest
        context.Response.ContentType = "application/json"
        context.Response.Write(AltchaProvider.Service.GenerateChallenge().ToJson())
    End Sub

    Public ReadOnly Property IsReusable As Boolean Implements IHttpHandler.IsReusable
        Get
            Return True
        End Get
    End Property
End Class

Protected Sub SubmitButton_Click(sender As Object, e As EventArgs) Handles SubmitButton.Click
    Dim result = AltchaProvider.Service.ValidateResponse(Request.Form("altcha"))

    If Not result.IsValid Then
        ErrorLabel.Text = "Validation ALTCHA invalide."
        Return
    End If

    ErrorLabel.Text = ""
    SuccessLabel.Text = "Message envoye."
End Sub

Des fichiers complets sont disponibles dans examples/Altcha.Net.Examples.AspNetWebForms.VbNet.

ASP.NET MVC C#

public sealed class AltchaController : Controller
{
    [HttpGet]
    public ActionResult Challenge()
    {
        return Content(AltchaProvider.Service.GenerateChallenge().ToJson(), "application/json");
    }
}

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Submit(ContactForm model)
{
    var result = AltchaProvider.Service.ValidateResponse(Request.Form["altcha"]);
    if (!result.IsValid)
    {
        ModelState.AddModelError("", "Validation ALTCHA invalide.");
        return View("Index", model);
    }

    return RedirectToAction("Thanks");
}

Des fichiers complets sont disponibles dans examples/Altcha.Net.Examples.AspNetMvc.CSharp.

ASP.NET Core

Le MVP n'ajoute pas encore de package Altcha.Net.AspNetCore. L'integration reste volontairement explicite :

builder.Services.AddSingleton<IAltchaReplayStore, MemoryAltchaReplayStore>();
builder.Services.AddSingleton(sp => new AltchaService(new AltchaOptions
{
    SecretKey = builder.Configuration["Altcha:SecretKey"]!,
    ChallengeExpiry = TimeSpan.FromMinutes(2)
}, sp.GetRequiredService<IAltchaReplayStore>()));

app.MapGet("/altcha/challenge", (AltchaService altcha) => Results.Json(altcha.GenerateChallenge()));

Configuration

  • SecretKey : cle HMAC serveur. Ne jamais l'exposer au navigateur.
  • ChallengeExpiry : duree de validite courte, par defaut 2 minutes.
  • Complexity : plage du nombre proof-of-work. Par defaut 50000..100000.
  • IAltchaReplayStore : store anti-replay. Le MVP fournit MemoryAltchaReplayStore, thread-safe.
  • Algorithm : seul SHA-256 est supporte dans ce MVP.

Production Checklist

  • Stocker SecretKey dans un secret manager ou une variable d'environnement.
  • Servir le site en HTTPS.
  • Heberger le script du widget localement si votre politique de securite l'exige.
  • Utiliser un store partage en multi-instance.
  • Eviter MemoryAltchaReplayStore en production multi-serveur.
  • Garder une expiration courte.
  • Surveiller les erreurs sans logger les payloads ALTCHA ni la cle secrete.

Limites du MVP

  • Pas d'integration ALTCHA Sentinel.
  • Pas de spam filter API.
  • Pas de Redis integre.
  • Proof-of-work uniquement.
  • SHA-256 uniquement.
  • Pas encore d'adaptateur IDistributedCache.
  • Store memoire non recommande en multi-instance.

Build, Test, Pack

dotnet restore Altcha.Net.sln
dotnet build Altcha.Net.sln --configuration Release
dotnet test Altcha.Net.sln --configuration Release
dotnet pack src/Altcha.Net/Altcha.Net.csproj --configuration Release --output artifacts

References

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 is compatible.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Altcha.Net:

Package Downloads
Altcha.Net.AspNetCore

Optional ASP.NET Core integration helpers for Altcha.Net.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.0 120 5/22/2026
1.0.0 99 5/6/2026