I know this is over a month old now, but in case anyone is interested in a randomized HoneyPot, here are the needed pieces. I went with a randomized field name in case bot writers start including blacklists of field names like "HoneyPot". You could shorten the code if you don't need it to be configurable.
Web.config:
<appSettings>
<!-- Master switch for the honeypot. Both controller helpers read this with bool.TryParse, so a missing or unparsable value is treated as "false" (honeypot off). -->
<add key="EnableHoneyPot" value="true" />
<!-- When "true", the hidden field gets a random name on each call to ConfigureHoneyPot; otherwise the fixed name "HoneyPot" is used. -->
<add key="RandomizeHoneyPot" value="true" />
</appSettings>
Register.cshtml (within @using (Html.BeginForm()) {...})
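@* Honeypot field: a text box that human visitors never see or fill in.
   The field name comes from Session["HoneyPotName"], which the controller must
   have stored before this view renders; it is dereferenced here without a null check.
   autocomplete="off" is added so that browser autofill is less likely to populate
   the hidden box and get a legitimate visitor flagged as a bot.
   NOTE(review): bots that evaluate CSS can skip a display:none input, so treat this
   as one signal alongside the captcha, not as a replacement for it. *@
if (ViewBag.HoneyPotEnabled != null && ViewBag.HoneyPotEnabled)
{
    @Html.TextBox(Session["HoneyPotName"].ToString(), null, new { style = "display: none;", autocomplete = "off" })
}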
CustomerController.cs:
/// <summary>
/// Prepares the honeypot for a form render: reads the "EnableHoneyPot" and
/// "RandomizeHoneyPot" app settings, picks the hidden field's name, stores it in
/// Session["HoneyPotName"] and sets ViewBag.HoneyPotEnabled for the view.
/// </summary>
/// <remarks>
/// The name is overwritten on every call, so only the most recently rendered form in a
/// session carries the name that is checked on submit. The random name is obfuscation
/// against name-based blacklists; it is sent to the client in the rendered form and is
/// not a secret.
/// </remarks>
[NonAction]
void ConfigureHoneyPot()
{
    // A missing or unparsable setting leaves the flag false, i.e. honeypot disabled.
    bool honeyPotOn;
    bool.TryParse(ConfigurationManager.AppSettings["EnableHoneyPot"], out honeyPotOn);
    if (!honeyPotOn)
    {
        ViewBag.HoneyPotEnabled = false;
        return;
    }

    bool useRandomName;
    bool.TryParse(ConfigurationManager.AppSettings["RandomizeHoneyPot"], out useRandomName);

    string fieldName = "HoneyPot";
    if (useRandomName)
    {
        // Random file name with the dot removed, cut to a random bound of 10..19 characters
        // (the upper argument of Random.Next is exclusive).
        string candidate = Path.GetRandomFileName().Replace(".", "");
        int maxLength = new Random().Next(10, 20);
        fieldName = candidate.Length > maxLength
            ? candidate.Substring(0, maxLength)
            : candidate;
    }

    ViewBag.HoneyPotEnabled = true;
    Session["HoneyPotName"] = fieldName;
}
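/// <summary>
/// Checks a submitted form against the honeypot: when the "EnableHoneyPot" app setting
/// is true and the hidden field named by Session["HoneyPotName"] came back non-empty,
/// a model error is added so the submission fails validation.
/// </summary>
/// <remarks>
/// If the session holds no honeypot name (for example the session expired, or the form
/// was posted without first being rendered), the submission cannot be verified. It is
/// rejected with a model error and a fresh name is issued for the re-rendered form,
/// instead of throwing a NullReferenceException as the unguarded
/// <c>Session["HoneyPotName"].ToString()</c> would.
/// </remarks>
[NonAction]
void TestHoneyPot()
{
    // A missing or unparsable setting leaves the flag false, i.e. honeypot disabled.
    bool enableHoneyPot;
    bool.TryParse(ConfigurationManager.AppSettings["EnableHoneyPot"], out enableHoneyPot);
    if (!enableHoneyPot)
    {
        return;
    }

    // The view re-renders the hidden field when validation fails, so keep the flag set.
    ViewBag.HoneyPotEnabled = true;

    string honeyPotName = Session["HoneyPotName"] as string;
    if (string.IsNullOrEmpty(honeyPotName))
    {
        // Fail closed: without a session-issued name there is nothing to check the post
        // against. ConfigureHoneyPot stores a new name so the view can render the field.
        ConfigureHoneyPot();
        ModelState.AddModelError("", "Your session has expired. Please submit the form again.");
        return;
    }

    string value = Request.Form[honeyPotName];
    if (!string.IsNullOrEmpty(value))
    {
        // NOTE(review): this message tells the client why it was rejected; a generic
        // validation message would give an automated submitter less feedback.
        ModelState.AddModelError("", "Ahhh, you're a robot!!!");
    }
}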
Add a call to the ConfigureHoneyPot method into the "Register()" action method.
Then add a call to the TestHoneyPot method into the "Register(RegisterModel model, bool captchaValid)" action method just after the captcha check.