It's taken a few weeks for the spam-bots to notice my blog engine, but they're now starting to become more active. There are many options in the toolbox for dealing with spam comments, one of which is to add a CAPTCHA. This is a test in which a computer generates a challenge, and then attempts to verify that the response is generated by a human.
There are many CAPTCHA implementations available (reCAPTCHA is a good example), however I though it would be instructive to generate my own. The System.Drawing.Drawing2D namespace got me started, as shown below in Figure 1.
The image is generated by a controller action, returning a FileResult object with the appropriate content type. A new image is generated after a configurable interval. There are numerous ways to implement the CAPTCHA check when the comment form is submitted, the simplest of which is to have stored the CAPTCHA data in ASP.NET session state. Given this project is intended as a lightweight, personal blogging engine and that I wouldn't envisage scaling out across multiple servers, this doesn't seem a bad approach for the time-being.
Of course, it's rather sad that I have to use a CAPTCHA, and I apologise for inconveniencing anyone submitting a valid comment.