Debug. raw HttpContext.Items state (TagHelper input)
AggregatedEvidence present: True BotDetectionResult present: True evidence.RiskBand = VeryHigh evidence.BotProbability = 0.9 evidence.Confidence = 0.8765432098765432
Behaviour-aware Razor
This page is rendered by ASP.NET Core MVC with StyloBot middleware in
process. No gateway, no third-party service, no JavaScript on the
client. Every <sb-*> tag below reads from the same
DetectionDisplayModel the detection pipeline populated
before this view started rendering.
Demo mode. flip the verdict by appending
?demo=<preset> to any URL. Same code path as the
ml-bot-test-mode header; opt-in via
BotDetection:TestModeQueryParam.
1. Risk-gated content (<sb-risk>)
High risk. If this were a real product page,
you'd be served the lite version and your form posts would face a
proof-of-work challenge. Wrapped in
<sb-risk min="High">.
2. Signal-driven variation (<sb-signal>)
Treated as a human visitor by the User-Agent detector.
3. Honeypot form (<sb-honeypot />)
This form contains three offscreen trap fields. Humans don't see them; bots fill them in. View source to confirm they're there.
4. Endpoint traffic shaping
The opening Razor view from the talk also wires up three minimal-API endpoints at the routing layer:
GET /api/data..BlockBots(): all bots refused. Try it.GET /sitemap.xml..BlockBots(allowVerifiedBots: true, allowSearchEngines: true). Try it.POST /api/login..BotPolicy("strict", blockThreshold: 0.5).
Tip: hit /api/data while demo mode is set to
scrapy or curl and watch it 403.