DEV Community: Spencer Arnold

Getting Started with Z-turn Board V2: Initial Setup Guide (Part 1)

Spencer Arnold — Fri, 10 Jan 2025 06:45:37 +0000

There aren't many great resources on the Z-turn Board (especially V2) for complete beginners to SoCs with integrated FPGAs, so this is the first part of what I hope to be many on the "bring up" of the board and interesting projects. I hope to get to use the expanded I/O cape as well which will allow me to utilize more of the User I/O pins on the Zinq.

Board Overview

The ZTurn board v2 is a SBC (Single Board Computer) dev platform that combines two main systems:

Processing System (PS):

Dual-core ARM Cortex-A9 processor running up to 866MHz
1GB DDR3 RAM
Standard peripherals (USB, Ethernet, SD card)

Programmable Logic (PL):

Xilinx 7-series FPGA fabric (7020)
85K logic cells
53,200 LUTs and 106,400 flip-flops
220 DSP slices for signal processing

There are also many peripherals as seen in the picture above. The PS and PL have multiple connections to work in harmony and process data. For the sake of brevity, lets move into the setup. We will do a deep dive in some other article!

Initial Bring Up

Let's get this thing powered on!🚀

I will be following the instructions on the quick start guide and documenting any struggles I have along the way.

Plugging it up

First off, I am running Windows 11 Pro on a pretty beefy laptop (XPS 15 9530). As with all modern laptops, I only have USB-C to connect to the outside world, so we will have to contend with that.

According to the manufacturer, the SD card that ships with the board has a standard factory PetaLinux image burned on, making start-up easier. If you don't have this SD card or its corrupted, you should be able to image it with PetaLinux and pick back up from here.

With my SD card in, I made sure I had the jumper configuration set to boot from the SD card, like depicted below.

After that, plugging up 5v power adapter and the mini USB serial cable seemed simple enough! I brought out a basic USB-A to USB-C converter so I could get to my laptop's USB-C port.

⚠️Warning: Make sure to pay attention to whatever USB-A to USB-C converter you use and its quality. In my experience adapters can be very annoying failure points when trying to accomplish something simple.

As soon as you plug in 5v power you should see the blue LED label come on. Then when you plug your USB mini into the USB_UART port, you'll see a blinking LED and a continuous RED LED light up.

The USB cable that comes with ZTurn boards is typically a USB to UART (Universal Asynchronous Receiver-Transmitter) bridge cable. In case you didn't know, UART is a serial protocol. We will discuss that more in a bit.

The instructions say to plug up HDMI if you need it, but the HDMI connection on the ZTurn board won't display anything by default because the default PetaLinux image typically doesn't have display drivers enabled.

Windows Identification

Alright! Let's see if Windows identifies it.
Go to Device Manager and look specifically under:

"Other devices" (for unrecognized hardware)
"Ports (COM & LPT)"
"Universal Serial Bus controllers"

You can try checking these places and doing the classic "plug 'n unplug" to identify it, but note that if you have a USB-A to USB-C converter, you will also see that re-appear and disappear, so just be cognizant.

For tutorial purposes... the device will likely show up with a name akin to:

CH340/CH341 or
CP210x

I found mine under "Other devices" and sure enough its named "CP2103 USB to UART bridge controller."

Any device with a yellow triangle/exclamation mark is good news - it means Windows detects the hardware but needs drivers.

After some Googling, I found that the CP2103 is a specific model of USB-to-UART bridge chip made by Silicon Labs. Though, the more logical thing to do would have been look at the board! On the under side of the board, there's our CP2103 by Silicon Labs.

ℹ️Some extra info: The CP2103 chip converts between USB protocol and UART protocol. The board's processor has a UART peripheral that receives this communication which gives us the serial console access we will be using.

Installing the Drivers

We're getting closer!
Go to the SILABS - USB to UART Bridge Drivers and click on the downloads section.

I picked the Universal Windows Driver, they have a VCP (Virtual COM Port) driver that I believe is for older versions of Windows.

CP210x Universal Windows Driver
v11.4.0
12/18/2024

After downloading and unzipping, I right clicked my CP2103 device in Device manager, update driver, browse computer for drivers, and selected the unzipped directory. Post-install, it now shows up as a COM port with no errors.

It shows as COM3, so I looked at the manufacturer overview for BAUD rate and opened PUTTY.

Here's the connection instructions:

And PUTTY

I was then presented with a blank shell. Pressing enter got me to the login.

Typing in the default password of root and root and I'm in!

We have confirmed that the board is running PetaLinux 2018.3! At this point, we haven't even explored the tip of the iceberg. I am looking for the next article to be all about PetaLinux and potentially Vivado, so stay tuned!

Part II: Google reCaptcha v3 server-side validation using ASP.NET Core 5.0

Spencer Arnold — Tue, 18 Jan 2022 03:21:24 +0000

After writing Google reCaptcha v3 server-side validation using ASP.NET Core 5.0, I was able to happily use the code in production apps. However, as it usually happens in the software world, needs arise to iterate.

Here's a short part II.

The main problem the previous code didn't solve? Validating captchas server-side with multiple "Sites" (as Google calls them) or "site-key/secret-key pairs".

ReCaptchas can become extremely effective by taking advantage of separation of concerns from an analytics perspective. From the reCaptcha dashboard, you can view reCaptcha analytics for each "Site."

In my specific use case, I had a "Gateway Service" that handled serving up the login, registration, password reset, live redirecting functionality, etc. I also had a landing page service that handled all landing page functionality (including any initial contact forms or newsletter signups). Since most of these services are open to the public, I had the need to put some level of captcha protection a lot of this.

Now, it's possible to just stick with the old code, which only supports one "site-key/secret-key pair" for all reCaptcha validation. And... it works....

The downside, though, is that you don't have much insight from an analytics perspective. You could have millions of requests cumulatively between the login, signup, forgot password, newsletter, and contact forms--all being processed through one "site-key/secret-key pair".

But so what? Having one site-key/secret-key pair seems to work and be a fairly simple implementation... But what happens when you have millions of requests between forms and you get an influx of Google-marked "suspicious" requests? In this case, it could prove quite useful to know which forms are getting hit with the majority of the flagged requests. Separating things out could give you insight to mitigate with precision. The Google ReCaptcha dashboards can be insightful, so why not distribute the load with multiple site-key/secret-key pairs to gain precise insight?

A Factory Solution:

So, expanding on the code already written, I have added a factory to allow for multiple site-key/secret-key pair validation. The factory allows us to specify a specific "Site" post-DI injection. The factory has some custom methods that also allow for execution of the reCaptcha validation in one step with the under-the-hood class instantiation.

Note: I have omitted code from the previous article that defines the core GoogleRecaptchaV3Service, for the sake of brevity.

The Factory:

public class GoogleRecaptchaV3ServiceFactoryOption<T> where T : IComparable
{
    public T Id { get; set; }
    public string ApiUrl { get; set; }
    public string SecretKey { get; set; }
}

public class GoogleRecaptchaV3ServiceFactory<T> where T : IComparable
{
    List<GoogleRecaptchaV3ServiceFactoryOption<T>> GoogleRecaptchaV3ServiceFactoryOptions { get; set; }
    HttpClient HttpClient { get; set; }

    public GoogleRecaptchaV3ServiceFactory(HttpClient httpClient,IOptions<List<GoogleRecaptchaV3ServiceFactoryOption<T>>> options)
    {
        GoogleRecaptchaV3ServiceFactoryOptions = options.Value;
        HttpClient = httpClient;
    } 

    public GoogleRecaptchaV3Service Create(T Id, string response, string remoteIp)
    {
        GoogleRecaptchaV3ServiceFactoryOption<T> selectedOption = 
        GoogleRecaptchaV3ServiceFactoryOptions.FirstOrDefault(x => x.Id.Equals(Id));
        return new GoogleRecaptchaV3Service(HttpClient, selectedOption.ApiUrl, selectedOption.SecretKey, response, remoteIp);
    }

    public async Task<GoogleRecaptchaV3Service> CreateAndExecute(T Id, string response, string remoteIp)
    {
        GoogleRecaptchaV3ServiceFactoryOption<T> selectedOption = GoogleRecaptchaV3ServiceFactoryOptions.FirstOrDefault(x => x.Id.Equals(Id));
        GoogleRecaptchaV3Service googleRecaptchaV3Service = new GoogleRecaptchaV3Service(HttpClient, selectedOption.ApiUrl, selectedOption.SecretKey, response, remoteIp);
        await googleRecaptchaV3Service.Execute();
        return googleRecaptchaV3Service;
    }
}

// ENUM to represent all Recaptcha Configurations.
public enum ReCaptchaConfigs { Gateway, Landing, Portal, SignUp, Login, MultiFactor, ForgotPasswordRequest, ForgotPasswordReset };

Now, You can register the factory and all the options in the DI Container.

ConfigureServices in startup.cs might look something like this:

services.AddHttpClient<GoogleRecaptchaV3ServiceFactory<ReCaptchaConfigs>>();
services.AddTransient<GoogleRecaptchaV3ServiceFactory<ReCaptchaConfigs>>();

services.Configure<List<GoogleRecaptchaV3ServiceFactoryOption<ReCaptchaConfigs>>>(options =>
{
    options.Add(new GoogleRecaptchaV3ServiceFactoryOption<ReCaptchaConfigs>
    {
        Id = ReCaptchaConfigs.Landing,
        ApiUrl = Configuration["GoogleRecaptchaV3:ApiUrl"],
        SecretKey = Configuration["GoogleRecaptchaV3:landing:secret"]
    });
    options.Add(new GoogleRecaptchaV3ServiceFactoryOption<ReCaptchaConfigs>
    {
        Id = ReCaptchaConfigs.Portal,
        ApiUrl = Configuration["GoogleRecaptchaV3:ApiUrl"],
        SecretKey = Configuration["GoogleRecaptchaV3:portal:secret"]
    });
    options.Add(new GoogleRecaptchaV3ServiceFactoryOption<ReCaptchaConfigs>
    {
        Id = ReCaptchaConfigs.SignUp,
        ApiUrl = Configuration["GoogleRecaptchaV3:ApiUrl"],
        SecretKey = Configuration["GoogleRecaptchaV3:signup:secret"]
    });
    options.Add(new GoogleRecaptchaV3ServiceFactoryOption<ReCaptchaConfigs>
    {
        Id = ReCaptchaConfigs.Login,
        ApiUrl = Configuration["GoogleRecaptchaV3:ApiUrl"],
        SecretKey = Configuration["GoogleRecaptchaV3:login:secret"]
    });
    options.Add(new GoogleRecaptchaV3ServiceFactoryOption<ReCaptchaConfigs>
    {
        Id = ReCaptchaConfigs.MultiFactor,
        ApiUrl = Configuration["GoogleRecaptchaV3:ApiUrl"],
        SecretKey = Configuration["GoogleRecaptchaV3:multifactor:secret"]
    });
    options.Add(new GoogleRecaptchaV3ServiceFactoryOption<ReCaptchaConfigs>
    {
        Id = ReCaptchaConfigs.ForgotPasswordRequest,
        ApiUrl = Configuration["GoogleRecaptchaV3:ApiUrl"],
        SecretKey = Configuration["GoogleRecaptchaV3:forgotpasswordrequest:secret"]
    });
    options.Add(new GoogleRecaptchaV3ServiceFactoryOption<ReCaptchaConfigs>
    {
        Id = ReCaptchaConfigs.ForgotPasswordReset,
        ApiUrl = Configuration["GoogleRecaptchaV3:ApiUrl"],
        SecretKey = Configuration["GoogleRecaptchaV3:forgotpasswordreset:secret"]
    });
});

And a section of your app.settings might look like:

"GoogleRecaptchaV3": {
    "ApiUrl": "https://www.google.com/recaptcha/api/siteverify",
    "landing": {
      "site": "<key>",
      "secret": "<key>"
    },
    "portal": {
      "site": "<key>",
      "secret": "<key>"
    },
    "signup": {
      "site": "<key>",
      "secret": "<key>"
    },
    "login": {
      "site": "<key>",
      "secret": "<key>"
    },
    "multifactor": {
      "site": "<key>",
      "secret": "<key>"
    },
    "forgotpasswordrequest": {
      "site": "<key>",
      "secret": "<key>"
    },
    "forgotpasswordreset": {
      "site": "<key>",
      "secret": "<key>"
    }
  },

And finally, an example controller. I omitted the DI part for brevity.

[HttpPost]
public async Task<IActionResult> Post([FromBody] SignUpDataCheck MobileCheck)
{
    // Result and ResultStatus are just a standard Result pattern implementation.
    Result gstat = (await _GoogleRecaptchaV3ServiceFactory.CreateAndExecute(
                    ReCaptchaConfigs.SignUp, MobileCheck.RecaptchaToken,
                    HttpContext.Connection.RemoteIpAddress.ToString())).result;

    switch (gstat.status)
    {
        case ResultStatus.Rejected:
            return StatusCode(400, gstat.statusMessage);

        case ResultStatus.Exception:
            return StatusCode(500, "Error reported. Try again later.");
    }
}

By passing the ReCaptchaConfigs. into the factory, we can selectively use the secret-keys associated with each individual key-pair to validate the exact "Site" we want in our endpoints.

So that's it! No fancy demo this time, but you can always view the previous code on Github.

spencer741 / GoogleRecaptchaV3Service

Google reCaptcha v3 server-side validation using ASP.NET Core 5.0

Thanks for reading! If there are any typos or grammatical issues, just comment below so I can amend them.

Give me a follow on Dev.to, Github, or LinkedIn if you liked the article and want to see more! If you would like, you can also buy me a coffee. Any support is greatly appreciated!

> Connect with me

> Support me

> Support everybody

The ability to transfer money has been a long-standing omission from the web platform. As a result, the web suffers from a flood of advertising and corrupt business models. Web Monetization provides an open, native, efficient, and automatic way to compensate creators, pay for API calls, and support crucial web infrastructure. Learn More about how you can help change the web.

Start, RDP, and Stop: Automating Azure VMs while optimizing cost

Spencer Arnold — Sat, 13 Mar 2021 21:25:29 +0000

I've been wanting to write this article for weeks now and have finally prioritized some time to do so. Here's a broad overview of a nifty PowerShell Script I pieced together from multiple sources to accomplish a very specific goal.

Problem 1: Workflow

For those who provision Windows 10 VMs in Azure, you will know that taking time to go to the Azure portal, allocate the VM, grab the public IP (if you don't have a static one assigned), and stick it into the Remote Desktop client of your choice... well this process is quite a few clicks for a simple task. If you are setting up a VM for an otherwise non-technical user, you also don't want them to have to log in to the Azure portal every time.

Problem 2: Cost Optimization

Through the native Azure Portal VM Scheduler (as well as many other tools out there), you can modify the startup and shutdown schedules of your VMs. This is a great feature, but as many of you Azure enthusiasts know, Stopping a VM is different from De-allocating, especially when looking at the bills. You can set schedules for your VMs, but if there is no robust schedule of VM usage, you could be faced with a costly bill by keeping your VMs running. Even when you stop them, you will also incur cost.

Chris Parlette from ParkMyCloud has a perfect description for what I'm talking about. I'll quote below:

Azure’s Stopped State

When you are logged in to the operating system of an Azure VM, you can issue a command to shut down the server. This will kick you out of the OS and stop all processes, but will maintain the allocated hardware (including the IP addresses currently assigned). If you find the VM in the Azure console, you’ll see the state listed as “Stopped”. The biggest thing you need to know about this state is that you are still being charged by the hour for this instance.

Azure’s Deallocated State

The other way to stop your virtual machine is through Azure itself, whether that’s through the console, Powershell, or the Azure CLI. When you stop a VM through Azure, rather than through the OS, it goes into a “Stopped (deallocated)” state. This means that any non-static public IPs will be released, but you’ll also stop paying for the VM’s compute costs. This is a great way to save money on your Azure costs when you don’t need those VMs running, and is the state that ParkMyCloud puts your VMs in when they are parked.

Which State to Choose?

The only scenario in which you should ever choose the stopped state instead of the deallocated state for a VM in Azure is if you are only briefly stopping the server and would like to keep the dynamic IP address for your testing. If that doesn’t perfectly describe your use case, or you don’t have an opinion one way or the other, then you’ll want to deallocate instead so you aren’t being charged for the VM.

I am not endorsing ParkMyCloud aside from their succinct descriptions in articles, but their service does look extremely useful (especially since they park your VMs in de-allocated mode off hours).

A quick solution:

A client I was working with had both of the aforementioned problems. Their VM usage was sporadic enough that a scheduling system really wouldn't work. They also didn't want to have to train users to log in to the Azure portal, boot up the VM, grab the IP, and set up remote desktop. For a non-technical user, its a lot of steps. Even though authorization control can be implemented quite well in Azure, it was probably best to not have people logging into the portal all the time, when they just wanted to access a VM.

So I set out to scrap together a PowerShell script to do the heavy lifting.

These were the general requirements:

1) Start the VM without going to the portal.
2) Prompt user with credentials for VM access (Microsoft prompt).
3) Automatically start the RDP client and initialize a connection.
4) When the user closes the RDP session, automatically stop and de-allocate the VM.

Since this VM didn't get usage by multiple users at the same time, the script didn't need to account for other people being logged in. That being said, a solution like this could be merged with the below PS script to listen for any RDP connections Azure-side. If there are no connections, it could de-allocate the VM. Otherwise, it wouldn't stop or de-allocate. This could basically follow a "last person off shuts down the VM" policy. That being said, I think the solution below is a good for one-off individual or sporadic VM usage.

Before I show the code, I would also like to note that this was written in a couple of hours. The clients just wanted a quick and dirty solution. I wouldn't say its the best code, but it definitely owns up to being a script.

The general outline:

1) Self-elevate the script
2) Do some dependency checks,
3) Gather credentials via Microsoft prompt.
4) gathering and booting of the VM.
5) Start Azure VM
7) Start RDP session to VM
8) Track session
9) De-allocate when RDP session is closed.

All you have to do is replace RESOURCEGROUPNAMEHERE and VMNAMEHERE with the Azure resource group name and VM name respectively. The rest should be agnostic.

# Self-elevate the script if required
"`Self Elevating...`n"
if (-Not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
    if ([int](Get-CimInstance -Class Win32_OperatingSystem | Select-Object -ExpandProperty BuildNumber) -ge 6000) {
        $CommandLine = "-File `"" + $MyInvocation.MyCommand.Path + "`" " + $MyInvocation.UnboundArguments
        Start-Process -FilePath PowerShell.exe -Verb Runas -ArgumentList $CommandLine
        Exit
    }
}

"`nChecking/mitigating Powershell Execution Policy...`n"
if($(Get-ExecutionPolicy) -ne 'RemoteSigned')
{
`set-executionpolicy remotesigned
}

"`nInitiating settings and dependencies pre-check/installation`n"
"`nChecking/mitigating Remote Desktop...`n"
#Enable-PSRemoting -SkipNetworkProfileCheck -Force
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1


"`nChecking/mitigating Azure Powershell module...`n"
if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
   Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
   'Az modules installed at the same time is not supported.')
} else {
     Install-Module -Name Az -AllowClobber -Scope CurrentUser
}

"`nGetting Azure Credentials and authenticating...`n"

Connect-AzAccount

"`nChecking Azure VM status...`n"

#$status =  Get-AzVM `
#   -ResourceGroupName "<RESOURCEGROUPNAMEHERE>" `
#   -Name "<VMNAMEHERE>" -Status

#Write-Output $status.Statuses.DisplayStatus

#if($($status.Statuses.DisplayStatus) -ne "VM deallocated")
#{
#    pause("Please try again later")
#    exit
#}

"`nStarting Azure VM <RESOURCEGROUPNAMEHERE> <VMNAMEHERE>...`n"

Start-AzVM `
   -ResourceGroupName "<RESOURCEGROUPNAMEHERE>" `
   -Name "<VMNAMEHERE>"

"`nGetting public IP of <VMNAMEHERE>...`n"


$ip = Get-AzPublicIpAddress `
   -ResourceGroupName "<RESOURCEGROUPNAMEHERE>"  | Select IpAddress

"`nStarting remote desktop session...`n"

mstsc /v:$($ip.{IpAddress})

Start-Sleep -s 60

$rdpsession = Get-Process mstsc -ErrorAction SilentlyContinue

Write-Output $rdpsession

"`nYour session is up and now being tracked. Listening for remote desktop closure...`n"

$hasd = "false"

for(;;)
{
   $rdpsession = Get-Process mstsc -ErrorAction SilentlyContinue
    if (!$rdpsession) {
        "`nRemote desktop session ended.`n"

        Stop-AzVM `
           -ResourceGroupName "<RESOURCEGROUPNAMEHERE>" `
           -Name "<VMNAMEHERE>"

         $hasd = "true"

        "`nStopping <VMNAMEHERE>...`n"

        break
    }
}

Register-EngineEvent PowerShell.Exiting –Action { if($hasd -eq "false")
{
    Stop-AzVM `
           -ResourceGroupName "<RESOURCEGROUPNAMEHERE>" `
           -Name "<VMNAMEHERE>"

        "`nStopping <VMNAMEHERE>...`n"
}}


Function pause ($message)
{
    # Check if running Powershell ISE
    if ($psISE)
    {
        Add-Type -AssemblyName System.Windows.Forms
        [System.Windows.Forms.MessageBox]::Show("$message")
    }
    else
    {
        Write-Host "$message" -ForegroundColor Yellow
        $x = $host.ui.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    }
}

Notable fixes that could be implemented:

Parameterize VMRESOURCENAME
Parameterize VMNAME
Currently installing the entire AZ module... which can take some time. Reduce to only necessary dependencies.
Add functionality for "last off de-allocates" policy.

If you are a PowerShell enthusiast and would like to implement the fixes above, clean up the code, add error handling, or add your own features/fixes, you can go visit the Github Gist where I have posted the above code and collaborate on improvements. (quite frankly I don't have the time to allocate and make it perfect these days so any help improving this script for the community is greatly appreciated).

Here is the GH Gist

Thanks for reading! If there are any typos or grammatical issues, just comment below so I can amend them.

Give me a follow on Dev.to, Github, or LinkedIn if you liked the article and want to see more! If you would like, you can also buy me a coffee. Any support is greatly appreciated!

> Connect with me

> Support me

> Support everybody

Google reCaptcha v3 server-side validation using ASP.NET Core 5.0

Spencer Arnold — Tue, 23 Feb 2021 17:35:02 +0000

There are quite a few snippets on Github and NuGet packages out there that try to implement server-side Google reCaptcha validation. Some of the NuGet packages will even cover the entire reCaptcha process—all the way from embedding the Google-provided reCaptcha script in a razor page to exposing a middleware to call in your request pipeline.

All of that is good and well, but there are a few problems. One problem is that some of these implementations aren't maintained (or don't even support reCatpcha V3), but worst of all some of them won't scale, thus falling short of very basic requirements for a solid production build.

But why won't they scale?

Usually it's the misuse of HttpClient, or rather the lack of using HTTPClientFactory. Some code out there will instantiate an HttpClient on every incoming reCaptcha validation request! This can prove costly and fatal for a couple of reasons:

1) Each HttpClient gets its own connection pool.
2) Socket Exhaustion when a bunch are spawned.

Easter Egg 🥚

I got exposed to ASP.NET Core around the time 2.1 released, in which I remember reading an amazing article by Microsoft MVP Steve Gordan on the new HttpClientFactory coming to 2.1 and what problems it was solving. It has a lot of good detail pertaining to this feature.

Aside from that; however, I wanted to add reCaptcha functionality on the controller level, not just exposing it as a middleware in the pipeline. This would allow me to control what endpoints I explicitly need reCaptcha validation on. In addition, I am running a React SPA, so I didn't necessarily need Razor functionality or any extra bloat that comes along with some of these packages. Just a simple and sweet reCaptcha server-side validation mechanism.

This can all be done with Dependency Injection (DI), an HttpClientFactory, built in JSON serialization, and of course some asynchronous flair.

Let's get to it!

1. Pre-req's

In addition to the basics, here are some high-level concepts/technologies to be familiar with (non-inclusive).

2. Process Overview

Here's the "explain it like I'm 5" overview of the back-end process to hard validate a Google Captcha exchange:

Your Server: Hey Google, there's a dude that tells me that he's not a robot. He says that you already verified that he's a human, and he told me to give you this token as a proof of that.

Google: Hmm... let me check this token... yes I remember this dude I gave him this token... yeah he's made of flesh and bone let him through.

Your Server: Hey Google, there's another dude that tells me that he's a human. He also gave me a token.

Google: Hmm... I never issued this token... I'm pretty sure this guy is trying to fool you. Tell him to get off your site.

-- courtesy of TheRueger on SO

Simple enough!

3. Some housekeeping

Now, before we move on, make sure you read over some of Google's documentation. Regardless of where you are in development (whether you have embedded the reCaptcha script in your front-end yet or are just getting started), you will need to make sure you're following the Google reCaptchaV3 tutorial, which contains info on front-end setup and registering your reCaptcha v3 keys.

For the purposes of this tutorial, you just need the Secret Key that is provided in the Admin Console under your site.

Easter Egg 🥚

It is good practice to have two key pairs (one for development and one for production. This way, you can add localhost to the domain inclusion list for dev).

4. First stop: appsettings.json

In this step, we are going to add our reCaptcha Secret Key to appsettings.json. We will be accessing it later on to pass to our custom Google reCaptcha service. This key (in addition to the token passed from our client) will help Google determine if the validation request and the Captcha is legitimate.

To stay semantically sound here, we are going to add a properties called "Secret" and "ApiUrl".



"GoogleRecaptchaV3": {
    "Secret": "yoursecretapikey",
    "ApiUrl": "https://www.google.com/recaptcha/api/siteverify"
}

After you've added the snippet, your appsettings.json might look something like below. You have logging, allowed hosts, etc, with the "Secret" and "ApiUrl" path properties conveniently added under "GoogleRecaptchaV3".

Of course if you have a different structure in mind or have to integrate with an existing setup that's already built out, do it how you see fit. It will be fairly easy to access properties at any depth in the code. This example is just for the demo.



{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "GoogleRecaptchaV3": {
    "Secret": "yoursecretapikey",
    "ApiUrl": "https://www.google.com/recaptcha/api/siteverify"
  }
}

You'll probably also have your database connection string and your site key for Google reCaptcha in your appsettings.json, but for simplicity I am only including the property for my secret key. If you update your key and changes are not persisting, appsettings.json, make sure to completely restart your server.

Disclaimer ⚠️

Don't forget to add appsettings.json to your .gitignore. You don't want your secrets to get on the web! This is the whole purpose of environment variables and appsettings.json.

Easter Egg 🥚

You can also look into using appsettings.Development.json if you are using production and development keys separately (which is a good idea).

5. Building the Request and Response Models

To make our life easy, we will be creating a class that represents the request sent to Google and another class for the response. These classes make it straight forward to initialize a request and serialize the response content accordingly.

Remember, these are 1:1 request/response representations based on Google's API spec.

For the demo, I am putting the models in a file called GHttpModels.cs. We will use these classes when we build the GoogleRecaptchaV3 service class.



using System;
using System.Runtime.Serialization;

namespace AspNetCoreRecaptchaV3ValidationDemo.Tooling
{

    public class GRequestModel
    {
        public string path { get; set; }
        public string secret { get; set; }
        public string response { get; set; }
        public string remoteip { get; set; }

        public GRequestModel(string res, string remip)
        {
            response = res;
            remoteip = remip;
            secret = Startup.Configuration["GoogleRecaptchaV3:Secret"];
            path = Startup.Configuration["GoogleRecaptchaV3:ApiUrl"];
            if(String.IsNullOrWhiteSpace(secret) || String.IsNullOrWhiteSpace(path))
            {
                //Invoke logger
                throw new Exception("Invalid 'Secret' or 'Path' properties in appsettings.json. Parent: GoogleRecaptchaV3.");
            }
        }
    }

    //Google's response property naming is 
    //embarrassingly inconsistent, that's why we have to 
    //use DataContract and DataMember attributes,
    //so we can bind the class from properties that have 
    //naming where a C# variable by that name would be
    //against the language specifications... (i.e., '-').
    [DataContract]
    public class GResponseModel
    {
        [DataMember]
        public bool success { get; set; }
        [DataMember]
        public string challenge_ts { get; set; }
        [DataMember]
        public string hostname { get; set; }

        //Could create a child object for 
        //error-codes
        [DataMember(Name = "error-codes")]
        public string[] error_codes { get; set; }
    }
}

If you are typing while following along, you will probably notice your linter complaining. Not to fear! This time, it's expected.

The Startup.Configuration[...] lines are not valid because the Configuration property doesn't exist in Startup.cs yet. Don't worry, we will get to it and some other important things in Startup.cs after we finish developing the GoogleRecaptchaV3 service class.

Onward!

6. Creating the GoogleRecaptchaV3 Service

7. Exposing the configuration in Startup.cs

The next step is to make sure we can access the configuration builder so we can get our reCaptcha secret from appsettings.json. This seems to be a highly opinionated topic out on the web, with people coming up with some crazy, bloated, bells-and-whistles-dependency-injection-jujitsu, but there is a VERY simple approach that will work just fine for our circumstances.

Since Asp.Net Core 2.0, the default initialization of WebHostBuilder (which can be found in program.cs) automatically adds an IConfiguration instance to the DI container (the proof is in the pudding).

This means that all we have to do is add IConfiguration as a dependency of our Startup class and set it as a property. Since most of our files are in the same namespace, we can just access it directly from pretty much anywhere (like we do in our GRequestModel: Startup.Configuration["GoogleRecaptchaV3:Secret"];)



using Microsoft.Extensions.Configuration;
using AspNetCoreRecaptchaV3ValidationDemo.Tooling;

public class Startup
{
   internal static IConfiguration Configuration { get; private set; }
   public Startup(IConfiguration configuration)
   {
       Configuration = configuration;
   }
}

8. Adding pertinent services to the DI container

Here we use ConfigureServices to add services to the DI container. If you don't have the ConfigureServices method in your startup, you can just paste it in.

If you're new to all this, make sure you understand the difference between ConfigureServices and Configure.

ConfigureServices : Where you configure the DI container.
Configure : Where you configure the Http request pipeline.



public void ConfigureServices(IServiceCollection services)
{          
    services.AddHttpClient<IGoogleRecaptchaV3Service,GoogleRecaptchaV3Service>();
    services.AddTransient<IGoogleRecaptchaV3Service,GoogleRecaptchaV3Service>();
    services.AddControllers();
}

I wasn't going to include this part, but don't forget to also configure UseEndpoints in your Http Request pipeline so your requests are routed to your controllers.



app.UseRouting();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
});

9. Setting up a Controller to use our GoogleRecaptchaV3Service

Below, you can see a standard controller implementation that accepts some sign up form data from the body of the request (in the form of the SignUpModel, which contains the Recaptcha token).

As you can see, we added a constructor to our controller, specifying IGoogleRecaptchaV3Service as a dependency. We then set it as a property, to then later perform initialization and execution when a request hits the controller.



    public class SignUpModel
    {
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string Email { get; set; }
        public string RecaptchaToken { get; set; }
    }

    [ApiController]
    [Route("public/signup")]
    public class SignUp : ControllerBase
    {
        IGoogleRecaptchaV3Service _gService { get; set; }
        public SignUp(IGoogleRecaptchaV3Service gService)
        {
            _gService = gService;
        }

        [HttpPost]
        public async Task<IActionResult> Post([FromQuery] SignUpModel SignUpData)
        {

            GRequestModel rm = new GRequestModel(SignUpData.RecaptchaToken,
                                                 HttpContext.Connection.RemoteIpAddress.ToString());

            _gService.InitializeRequest(rm);

            if(!await _gService.Execute())
            {
                //return error codes string.
                return Ok(_gService.Response.error_codes);
            }

            //call Business layer

            //return result
            return Ok("Server-side Google reCaptcha validation successfull!");

        }
    }

Easter Egg 🥚

When using Entity Framework in this context, you can always use inheritance to create new types, that is if you have data you want to accept through your Web api which is not represented in your data model (i.e.,if it doesn't need to be stored persistently).

10. Testing it out

Almost Done!

I created a very basic demo where you can see a more complete picture of the snippets in this article. If you want to run the code, you can to put your secret key in appsettings.json (or you could see what happens when there's an invalid secret key in appsettings.json 😉).

The example will allow you to insert your site key in-browser at the root path / and run an end-to-end mock of the entire process (I dynamically inject the Google reCaptcha script after you input your site key so you don't have to dig around in the html. Alternatively, I could have used Razor Pages + appsettings.json). On that note I have not .gitignore'd appsettings.json so feel free to view it in Github. Just be keen on where this code ends up if you include any secret keys.

spencer741 / GoogleRecaptchaV3Service

Google reCaptcha v3 server-side validation using ASP.NET Core 5.0

Thanks for reading! If there are any typos or grammatical issues, just comment below so I can amend them.

Give me a follow on Dev.to, Github, or LinkedIn if you liked the article and want to see more! If you would like, you can also buy me a coffee. Any support is greatly appreciated!



> Connect with me



> Support me



> Support everybody

Q: Why not use dependency injection in attributes?
A: Dependency Injection in Attributes: don’t do it!

Q: Why not just build a "Perform Server-Side Recaptcha validation" endpoint?
A: This ultimately makes things more complex. By this philosophy, the front-end reCaptcha script communicates with Google, gives you back a token, you take that token and call this theoretical Server-Side Recaptcha validation api. That api either has to persist knowledge that it did indeed perform validation (by server-side storage, or by returning a token of its own—which adds payload and complexity). How else would the secondary call submitting, say the sign up information, prove to the server that it had indeed been server-side validated before? If you wanted to take this approach, might as well forget about REST. This is a good lesson on stateless protocols.

Q: Why didn't you include the GRequest model in the DI container?
A: First, I will point you to this SO post. I will also add that adding GRequest as a dependency to GoogleRecaptchaV3Service would kill my intention of granularity at the controller level. If you are thinking about adding GRequest as a dependency at the controller's constructor, that would mean extracting data upstream... you can see where that's going...this should really be done in the controller in this circumstance. As for reading body data multiple times, it should probably only be done in special circumstances. I could go on, but I will stop here :)

DEV Community: Spencer Arnold

Getting Started with Z-turn Board V2: Initial Setup Guide (Part 1)

Board Overview

Processing System (PS):

Programmable Logic (PL):

Initial Bring Up

Plugging it up

Windows Identification

Installing the Drivers

Part II: Google reCaptcha v3 server-side validation using ASP.NET Core 5.0

A Factory Solution:

spencer741 / GoogleRecaptchaV3Service

Google reCaptcha v3 server-side validation using ASP.NET Core 5.0

Start, RDP, and Stop: Automating Azure VMs while optimizing cost

Problem 1: Workflow

Problem 2: Cost Optimization

Azure’s Stopped State

Azure’s Deallocated State

Which State to Choose?

A quick solution:

These were the general requirements:

The general outline:

Google reCaptcha v3 server-side validation using ASP.NET Core 5.0

Easter Egg 🥚

I got exposed to ASP.NET Core around the time 2.1 released, in which I remember reading an amazing article by Microsoft MVP Steve Gordan on the new HttpClientFactory coming to 2.1 and what problems it was solving. It has a lot of good detail pertaining to this feature.

1. Pre-req's

2. Process Overview

3. Some housekeeping

Easter Egg 🥚

It is good practice to have two key pairs (one for development and one for production. This way, you can add localhost to the domain inclusion list for dev).

4. First stop: appsettings.json

Disclaimer ⚠️

Don't forget to add appsettings.json to your .gitignore. You don't want your secrets to get on the web! This is the whole purpose of environment variables and appsettings.json.

Easter Egg 🥚

You can also look into using appsettings.Development.json if you are using production and development keys separately (which is a good idea).

5. Building the Request and Response Models

6. Creating the GoogleRecaptchaV3 Service

7. Exposing the configuration in Startup.cs

8. Adding pertinent services to the DI container

9. Setting up a Controller to use our GoogleRecaptchaV3Service

Easter Egg 🥚

When using Entity Framework in this context, you can always use inheritance to create new types, that is if you have data you want to accept through your Web api which is not represented in your data model (i.e.,if it doesn't need to be stored persistently).

10. Testing it out

spencer741 / GoogleRecaptchaV3Service

Google reCaptcha v3 server-side validation using ASP.NET Core 5.0

I got exposed to ASP.NET Core around the time 2.1 released, in which I remember reading an amazing article by Microsoft MVP Steve Gordan on the new `HttpClientFactory` coming to 2.1 and what problems it was solving. It has a lot of good detail pertaining to this feature.

Don't forget to add `appsettings.json` to your `.gitignore`. You don't want your secrets to get on the web! This is the whole purpose of environment variables and `appsettings.json`.

You can also look into using `appsettings.Development.json` if you are using production and development keys separately (which is a good idea).