I'm implementing a Password Reset facility in an asp.net MVC 3 web application. The email sent to the user contains a link with an encrypted string. Below is a sample link:

forgotprocess/QU1jfNoTb1Qd7qObop1FinQai4hCbzg7%2bMGfMF63d9Vvahi%2bmg9cT8KyaGo9jE1gbsWl5r%2f6DzpcRLf6HYNGeeFujG9QeblKUUvfxLDJ7UwcSCKD2AdsrR3EmC80PNCGGnGMQiya7ILNOJjWh%2fKSRQ%3d%3d

When the link is clicked I get a 404 error. To test the routes I used RouteDebugger, however I still get the 404 page - seems that the link isn't getting to the application. However if I change the link to the following:

forgotprocess/?i=QU1jfNoTb1Qd7qObop1FinQai4hCbzg7%2bMGfMF63d9Vvahi%2bmg9cT8KyaGo9jE1gbsWl5r%2f6DzpcRLf6HYNGeeFujG9QeblKUUvfxLDJ7UwcSCKD2AdsrR3EmC80PNCGGnGMQiya7ILNOJjWh%2fKSRQ%3d%3d

It works fine. I'd prefer not to have to use a query string parameter.

The size of the overall link is about 200 characters, so it shouldn't hit any limits?

Mark

markpirvine

1 Answer

In your top route:

forgotprocess/QU1jfNoTb1Qd7qObop1FinQai4hCbzg7%2bMGfMF63d9Vvahi%2bmg9cT8KyaGo9jE1gbsWl5r%2f6DzpcRLf6HYNGeeFujG9QeblKUUvfxLDJ7UwcSCKD2AdsrR3EmC80PNCGGnGMQiya7ILNOJjWh%2fKSRQ%3d%3d

%2f is going to get URL decoded into / so it's going to confuse the routing engine.

Can you alter how your encrypted string is being generated to prevent this?

Alternatively, if it's the last parameter, you could alter your route like in this post, but that might lead to other issues:

routes.MapRoute(
    "Default",                                                // Route name
    "{controller}/{action}/{*id}",                            // URL with parameters
    new { controller = "Home", action = "Index", id = "" });  // Parameter defaults
Mark Oreta
  • Mark, thanks for your reply. I've decided to use HttpServerUtility.UrlTokenEncode and HttpServerUtility.UrlTokenDecode to avoid this type of encoding problem - so far it seems to work. It will require some more testing to be sure. Are you aware of any problems with these methods? – markpirvine Aug 19 '12 at 14:50
  • I don't know of any issues with those - and that does seem like a more bullet proof solution for your case – Mark Oreta Aug 19 '12 at 14:55
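
The approach settled on in the comments, sketched as an added example (not code from either poster): the encrypted token bytes are encoded with `HttpServerUtility.UrlTokenEncode` so the path segment never contains `+`, `/` or `=`, and decoding returns null for malformed input. The class name `ResetTokenCodec`, the 512-character cap and the sample bytes are assumptions made for illustration.

```csharp
using System;
using System.Web; // requires a reference to System.Web.dll (.NET Framework)

public static class ResetTokenCodec
{
    // Encode the already-encrypted token bytes into a string that is safe as a
    // single route segment: '+' and '/' are replaced and '=' padding is dropped.
    public static string ToUrlSegment(byte[] tokenBytes)
    {
        if (tokenBytes == null || tokenBytes.Length == 0)
            throw new ArgumentException("Token is empty.", "tokenBytes");
        return HttpServerUtility.UrlTokenEncode(tokenBytes);
    }

    // Decode a route segment back into bytes. Returns null for anything
    // malformed so the caller can reject the request before decrypting.
    public static byte[] FromUrlSegment(string segment)
    {
        // 512 is an assumed upper bound; size it to your real token length.
        if (string.IsNullOrEmpty(segment) || segment.Length > 512)
            return null;
        try
        {
            byte[] bytes = HttpServerUtility.UrlTokenDecode(segment);
            return (bytes == null || bytes.Length == 0) ? null : bytes;
        }
        catch (FormatException)
        {
            return null; // characters outside the URL-token alphabet
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample bytes, chosen so plain Base64 contains '+', '/' and '='.
        byte[] sample = { 0xFB, 0xFF, 0xBF, 0x01 };

        string plain = Convert.ToBase64String(sample);
        Console.WriteLine("Base64:         " + plain);
        Console.WriteLine("Percent-encoded: " + Uri.EscapeDataString(plain)); // has %2F
        string segment = ResetTokenCodec.ToUrlSegment(sample);
        Console.WriteLine("URL token:       " + segment);

        byte[] roundTrip = ResetTokenCodec.FromUrlSegment(segment);
        Console.WriteLine("Round trip ok:   " + (Convert.ToBase64String(roundTrip) == plain));
        Console.WriteLine("Garbage is null: " + (ResetTokenCodec.FromUrlSegment("not*a*token") == null));
    }
}
```

The encoding only changes the alphabet; whether a decoded token is genuine still depends on the decryption and expiry checks performed on the bytes afterwards.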