>>>Hi,
>>>
>>>A customer mentioned to me that they would like to improve security of my ASP.NET application by adding the "capture" feature (this is what it sounded to me like on the phone). Has anybody done this feature? What is involved?
>>>
>>>TIA
>>
>>It is called CAPTCHA. This is what you get on some websites that show you a distorted graphic of text and request you type in what you read. It tries to keep automated programs from accessing your site or certain functionality.
>>
>>Some commercial versions of CAPTCHA type controls are available - Infragistics has one that I've used.
>>
>>I assume there are open source versions as well.
>
>Thank you, William. So they would have to enter this "distorted graphic" every time they submit something from my web application?! My customers will start the riots that will make the ones in France pale in comparison <g>

It's not all that bad if you keep the captcha output reasonable. I think most controls allow you to specify what letters are output and whether it is case sensitive.

If a user hits a page where they should be verified with a captcha control, verify them and set a session variable so they do not have to do it again for the session duration.