0

I used this method in class library and calling the method from controller. But the value i passed is not encoding. I cant trace the reason behind it.

Class Library

using System.Web;

public static class CommonLogic    
{
   public static string UrlEncode(string value)
    {
        return HttpUtility.UrlEncode(value);
    }
}

Controller

var test =   CommonLogic.UrlEncode("2")

test value is "2" and it not encoded.

Update:

I just realized the reason from comments below. What i really need is not encoding but encryption and decryption. I don't want the Url parameters to be exposed as plain text, instead i want that to be encrypted value and later in controller i will decrypt it again before processing that value. Any Ideas on this?

Raedwald
  • 46,613
  • 43
  • 151
  • 237
  • 1
    After it's encoded it's still "2". Are you expecting something else? If yes, then what? – Andrew Savinykh Apr 18 '13 at 02:23
  • Oh i just realized it will encode only special characters in Url. What i really want is to encode the value 2 as that is primary key of the users table and i don't want that to be exposed in Url. Instead i need it to be encodeded value. Is there any other way? –  Apr 18 '13 at 02:25
  • how (in what way) do you want it encoded? – Andrew Savinykh Apr 18 '13 at 02:31
  • what you need is encryption or hash not encoding. even if you are able to encode it, people can still decode and see what value it is, so encoding is not useful for what you want. – 24x7Programmer Apr 18 '13 at 02:31
  • I want it encoded any way, but i need to use the secret key with encoding alogrithm. I will be defining the secret key in web.config. May be Encrypt Key and Decrypt Key. Any Idea ? –  Apr 18 '13 at 02:34
  • Could you please explain for what purpose do you want to encrypt it? I.e. what are you trying to achieve by encrypting it? There might be a better solution. – Andrew Savinykh Apr 18 '13 at 21:47
  • Consider changing the subject/title so you're not misleading people searching for real problems using ```HttpUtility.Encode```, for example "How can I encrypt URL parameters?" would be more appropriate, you might even get more/better feedback by correcting the title. As others have suggested, you should also consider rewriting your question to state what you really want, this way people who are in the know on encryption don't have to wonder why you're stating the obvious about URL Encoding. – Shaun Wilson Sep 18 '13 at 03:21

3 Answers3

0

"2" doesn't need to be UrlEncoded. It's not a reserved symbol in Urls. Try testing a string such as "<".

wewals
  • 1,447
  • 9
  • 9
  • +1, for suggestion. Can you see my comment for @zespri comment? –  Apr 18 '13 at 02:27
  • Right, you should rewrite the question to explain what you actually want. I think you are using a get request where you actually want to be using either a post if you're trying to change something stored against an entity or session data if you're just trying to maintain the user session as the move across the site. I don't know how far along you are, so I hope this doesn't offend, but sounds like reading up on sessions and cookies may be in order? – wewals Apr 18 '13 at 02:34
  • I will be using GET method. But i want to encrypt the values in url and it should not exposed as plain value. –  Apr 18 '13 at 02:36
0

Character "2" is part of the "unreserved" set as defined in RFC3986 https://www.rfc-editor.org/rfc/rfc3986#section-2.3

The "unreserved" do not need to be percent-encoded.

Regarding your comment about exposing it in the URL: encoding is not encryption. If you don't want to expose the integer user id in the URL you may need to have another unique identifier for the user that is OK to expose. For example, a random string that is unique in the user table (similar to how say youtube.com identifies videos) or a GUID.

Example of how to do simple symmetric encryption in C# using RijndaelManaged: Simple insecure two-way data "obfuscation"?

Make sure you keep the encryption key secret.

Community
  • 1
  • 1
Arsen
  • 965
  • 8
  • 7
0

The purpose of the UrlEncode method is to convert a string to a format that can be used in an URL. "2" is already can be used in an URL so this is a null-conversion it will result in the same value of "2".

Section 2 of RFC 3986 outlines what characters have to be encoded to become part of an URL.

Community
  • 1
  • 1
Andrew Savinykh
  • 25,351
  • 17
  • 103
  • 158