1

I have a parameter which I am passing as querystring to the page URL.Before passing the value as querystring I am encrypting the value. However the encrypted value sometimes contains the + in the querystring. I know it has special meaning in the URL. So I used Server.UrlEncode(encryptedvalue) to make it safe. But however when I get the Querystring only the + is getting evaluated before decoding the URL.

Here is code to Generate the query-string,

var result =  Server.UrlEncode(this.UserSecurity.Encrypt<string>(value));

after this value of querystring(result) is + becomes %2b as expected

querystringvalue = "R3oQCPn%2bNVV4P0aL0LAZEL6Og1%2bQ2vOJJDJCSTY6WXE%3d"

I have No control over Encryption method so I can not change in there.

So when I access at the redirected page I get,

1) When I don't use UrlDecode then + becomes 

  querystringvalue = "R3oQCPn NVV4P0aL0LAZEL6Og1 Q2vOJJDJCSTY6WXE="

2) When I use the UrlDecode then still + becomes 

  querystringvalue = "R3oQCPn NVV4P0aL0LAZEL6Og1 Q2vOJJDJCSTY6WXE="

3) When I see in watch window here is strange thing I see, enter image description here

As you can see there is + present in querystring but it getting resolved to .

So my question is,

1) Why the %3d not resolved to the = but the %2b resolved to + ?
2) And what Can I do to resolve this issue ? Because the %2b resolving to + and then to giving me wrong decrypted value and some times format exception.

UPDATE After generating the result I am directly attaching it to the URL without any further process as "page.aspx?taskid="+result

Improve this question
7
  • What are you doing with result before the next request? Commented Mar 18, 2015 at 15:24
  • Nothing, It gets directly attached to the URL as querystring. Commented Mar 18, 2015 at 15:25
  • Ok, can we see that code? And how the URL is returned to the client? (I.E. is this a redirect, embedded in the page as a link?) Commented Mar 18, 2015 at 15:29
  • You could use a modified Base64 encoding that doesn't use a + instead of UrlEncode. Commented Mar 18, 2015 at 15:29
  • 1
    @CoderofCode UrlTokenEncode mentioned in the answer looks like it does exactly that. Commented Mar 18, 2015 at 15:35

1 Answer 1

Reset to default
2

I am going to go out on a limb here and assume you are using BASE64 to encode the encrypted data, perhaps using Convert.ToBase64String.

Are you able to modify the Encrypt function? If so, try encoding the bytes using HttpServerUtility.UrlTokenEncode:

https://msdn.microsoft.com/en-us/library/system.web.httpserverutility.urltokenencode

To convert back to a byte[] use the symmetric HttpServerUtility.UrlTokenDecode method.

https://msdn.microsoft.com/en-us/library/system.web.httpserverutility.urltokendecode

This would allow you to safely pass the token in a URL. Is this an option for you?

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I am not using the Convert.ToBase64String to encrypt the data. Actualy the Encryption is done by the algorithm(I don't know which and I dont have access to the code I mentioned in question).
On second thought (When I started to read about it) I can convert my encrypted string using ENCODE and DECODE using the UrlTokenEncode.
OK Great - In general the Server.UrlEncode() method doesn't catch as many characters as Uri.EscapeDataString(). I'm not totally sure why the implement things the way they did, but the later seems to handle just about every case.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.