0

I have an encrypted password sting that is being passed from a classic asp page to a MVC controller. I have recently found out that this password can contain a "/" which creates the scenario where MVC is expecting an extra param instead of regarding it as part of the previous param value.

in the example below the password is "o/KR9Rzja1Q5"

http://localhost:8501/MyPage/Account/BRIAN/o/KR9Rzja1Q5

I have thought of using Server.URLEncode and Server.URLDecode however MVC breaks with a typical 404 error before i can action the Server methods.

I know why its breaking, i need to know if there is any reasonable work around for the problem before i start re-writing the application.

Changing the password encryption is NOT an option

Ettienne
  • 1
  • 1
  • 2
    Encode the password on the sending end, and use POST to start with. – Patrick Hofman Apr 10 '17 at 10:34
  • 1
    It's not a password by any conventional measure. URLs are not a secure place to place secure information. – spender Apr 10 '17 at 10:35
  • did you try [these](http://stackoverflow.com/questions/591694/url-encoded-slash-in-url) solutions? – Syed Ali Taqi Apr 10 '17 at 10:38
  • Patrick thank you for highlighting the duplicate answer, i was not able to find that specific solution in my searches, I have managed to implement some of that solution in my code. Trick was to find a character that was not in use my encrypted password list. Quick search on the database i found that "!" was not being utilized as an encryption character, so i was able to use that to replace the "/" – Ettienne Apr 10 '17 at 12:04

0 Answers0