I finally bit the bullet and formatted my ASP.NET CAPTCHA server control as a CodeProject article. This version of the control has a few significant improvements over the last version:
Isn’t storing the text in the ViewState with ViewStateMac enabled and possibly “ViewStateKey” set - “secure enough?”
I’ve implemented your stuff for Comment Spam on my blog:
http://www.hanselman.com/blog/PermaLink.aspx?guid=99b2e3e9-5597-4883-a015-d77c3246a2a8
Yeah, I saw it on your blog before I saw it on my own. Enjoy 
Isn’t storing the text in the ViewState with ViewStateMac enabled and possibly “ViewStateKey” set - “secure enough?”
Possibly, but sending “secure” stuff to the client is just inviting problems. I’m already storing an entire .CaptchaImage in the .Cache so it made sense to keep it all together, anyway.
I have used it in a child page.
Its works fine.
But it fails if i have an update panel with a timer on to the page the updatepanel.
The Captha displayed remains same but the isValid fails.