TReCaptcha displays a reCAPTCHA v2 that can be used to determine if the input is entered by a real user instead of some program. It can also prevent multiple submits of the same form either by accident, or on purpose (ie. spamming).
The reCAPTCHA to solve (a string consisting of two separate words) displayed is automatically generated by the reCAPTCHA system at recaptcha.net. However, in order to use the services of the site you will need to register and get a public and a private API key pair, and supply those to the reCAPTCHA control through setting the SecretKey and SiteKey properties.
Currently the reCAPTCHA API supports only one reCAPTCHA field per page, so you MUST make sure that all your input is protected and validated by a single reCAPTCHA control. Placing more than one reCAPTCHA control on the page will lead to unpredictable results, and the user will most likely unable to solve any of them successfully.
Upon postback, user input can be validated by calling validate(). The TReCaptcha2Validator control can also be used to do validation, which provides server-side validation. Calling validate() will invalidate the token supplied, so all consecutive calls to the method - without solving a new captcha - will return false. Therefore if implementing a multi-stage input process, you must make sure that you call validate() only once, either at the end of the input process, or you store the result till the end of the processing.
The following template shows a typical use of TReCaptcha control:
ErrorMessage="You are challenged!" />