AjaxControlToolkit NoBotState is always InvalidBadResponse

Asked 27/10, 2011 at 11:29 Answered 17/4, 2014 at 23:30

I am trying to implement AjaxControlToolkit NoBot but I always get false from IsValid() method (the state value is always InvalidBadResponse). Am I missing something here?

ASCX code:

// buttons, textboxes etc.
<asp:NoBot ID="NoBot1" 
           runat="server"             
           CutoffMaximumInstances="5" 
           CutoffWindowSeconds="60" 
           ResponseMinimumDelaySeconds="2"
           />

Code behind:

protected void Button1_Click(object sender, EventArgs e)
{
    AjaxControlToolkit.NoBotState state;

    if (!NoBot1.IsValid(out state))
    {
        Page page = HttpContext.Current.Handler as Page;
        ScriptManager.RegisterStartupScript(page, page.GetType(), "err_msg", "alert('" + " BOT " + "');", true);
    }
     else
    { ...}
}

Far more weird is this: I enter data for login and click on asp button. NoBot state is InvalidBadResponse and it fails. But, then I click on browser's refresh button it asks me to resend request I say ok and now state is valid! Why?

Asclepiadean answered 27/10, 2011 at 11:29 Comment(8)

Could you show your authentication code? Does ViewState and SessionState enabled? – Lombardi 28/10, 2011 at 11:14

Yes everything is enabled. Authentication code is standard membership methods (Validate user, if not Failed login) it works. And that code is in "ELSE" block in my upper code. But first time NotBot1.IsValid state is always InvalidBadResponse. But when I press refresh it is valid. To be worse I have downloaded example code from tutorial page and again same problem. I test this on localhost. – Asclepiadean 28/10, 2011 at 12:12

Do you use UpdatePanels on a page? If you do, could you show markup? – Lombardi 28/10, 2011 at 12:56

No I don't use any UpdatePanel. This is custom dotNetNuke module. Dnn use asp scriptManager. I can't change it. Does NoBot require ToolkitScriptManager? – Asclepiadean 28/10, 2011 at 13:20

looks like there is a mismatch between controlstate value in SessionState and stored in hidden field on the page. Try to put the NoBot control into UpdatePanel with UpdateMode="Alwyas" – Lombardi 28/10, 2011 at 14:0

I tried that and it doesn't work hmmm... – Asclepiadean 29/10, 2011 at 6:24

Does this behavior change in different browsers? Specifically the change from Valid to Not Valid after a refresh that you mention at the end. – Bunsen 2/11, 2011 at 15:0

Were you ever able to figure out the problem here? I've recently had this same thing happen. – Calen 9/8, 2012 at 14:50

The only reason I know of that you'll get an "InvalidBadResponse" from the NoBot control is if you have javascript disabled in your browser. The documentation page states that one of the techniques used by NoBot is

Forcing the client's browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the DOM for added assurance that a browser is involved)

An "InvalidBadRespone" message means that the javascript did not get executed (also from the link above):

InvalidBadResponse: An invalid response was provided to the challenge suggesting the challenge script was not run

I would double check your browser settings. I've tested this by disabling javascript in my browser (just to make sure) and trying the example on the documentation page.

You can customize the calculation using the OnGenerateChallengeAndResponse attribute to specify an Event Handler. I good example of implementing one such event handler is this (code credit to this post):

protected void PageNoBot_GenerateChallengeAndResponse(object sender, AjaxControlToolkit.NoBotEventArgs e)
{
    Random r = new
    Random();

    int iFirst = r.Next(100);

    int iSecond = r.Next(100);
    e.ChallengeScript = String.Format("eval('{0}+{1}')", iFirst, iSecond);
    e.RequiredResponse = Convert.ToString(iFirst + iSecond);  
}

Bunsen answered 1/11, 2011 at 16:33 Comment(0)

Please refer this

http://www.asp.net/ajaxlibrary/AjaxControlToolkitSampleSite/NoBot/NoBot.aspx

http://www.asp.net/ajaxlibrary/HOW%20TO%20Use%20the%20NoBot%20Control.ashx

Eudemonia answered 1/11, 2011 at 6:16 Comment(0)

As mentioned in other answers, InvalidBadResponse is due to the Javascript challenge failing.

The problem:

The reason it was failing for me was because the ASP.NET ajax libraries needed to run this were failing to load; have a look at your browser's javascript debugger; this is what mine (in Chrome) looked like

enter image description here

As you can see, the .axd files were not being served and the error ASP.NET Ajax client-side framework failed to load error was pretty telling.

The cause: (in my case)

I had an url re-write rule that accidentally altered the .axd urls - causing them not to be served.

I would recommend checking your web.config, if needed adding the line

<add input="{URL}" pattern="\.axd$" negate="true"/>

to your rules and this

routes.Ignore("{resource}.axd/{*pathInfo}");

in your Global.asax (if you have one) where (and if) you register routes.

Check this SO answer out: Ajax client-side framework failed to load Asp.Net 4.0

Allaallah answered 4/5, 2013 at 21:27 Comment(0)

Another possible cause might be the ViewStateMode of the master, page or control being set to Disabled. Seems that it needs to be Enabled for the NoBot to work properly.

I was doing some tests with ViewStateMode="Disabled" on my CMS's Master page, and NoBotState started to return InvalidBadResponses on my login page. Changing it to ViewStateMode="Enabled" fixed it for me.

Galvan answered 17/4, 2014 at 23:30 Comment(0)

Recommended topics

Hot tags