Issue with Base64-encoded parameter in query string

Question

I\'m sending a link in my web application to users mails (for confirming user registration) as the following :

Answer 1

I was using HttpUtility.UrlEncode but I had problems if the base64 encoded string contained a "+" sign. It was correctly being encoded to "%2b" but when it was coming back from the browser it was interpreted as a space. So, I used two simple encode/decode methods instead:

public static string UrlEncodeBase64(string base64Input)
{
    return base64Input.Replace('+', '.').Replace('/', '_').Replace('=', '-');
}

public static string UrlDecodeBase64(string encodedBase64Input)
{
    return encodedBase64Input.Replace('.', '+').Replace('_', '/').Replace('-', '=');
}

Answer 2

If you are using ASP.net core you can use WebEncoders.Base64UrlEncode and WebEncoders.Base64UrlDecode

Answer 3

You should probably URL encode the parameter value since = is itself used to separate a parameter name from a parameter value.

Answer 4

You can send your value by replacing two char + to _ and / to -:

string confirm=confirm.Replace('+', '_').Replace('/', '+');

<a target="_blank" href="http://localhost:2817/ConfirmRegistration?confirm=@confirm">
http://localhost:2817/ConfirmRegistration?confirm=@confirm
</a>

and you can get your data in server side by using:

if (Request.QueryString["confirm"] != null && Request.QueryString["confirm"].ToString() != "")
{
       string confirm = HttpUtility.HtmlDecode(Request.QueryString["confirm"]).Replace('_', '+').Replace('-', '/');
}

Answer 5

You should URL encode the confirm parameter. The error you get is because of the last == fragment.

For this use HttpServerUtility.UrlEncode or similar framework methods.