0

I'm using an .ashx handler to securely download files to a client. On a certain webform page I have a link that points to my .ashx file which takes query string. In a particular instance it is encrypting a a number: 148 to this : .....ashx?q=035EeD+5BQ8=".

The debugger interperets this as .....ashx?q=035EeD+5BQ8%3d", and the string I assign this value to converts %3d back to an equal sign but removes the + sign and replaces it with a blank. So essentially my decrypting method complains that the input string's length isn't long enough, because of the + sign being converted to white space.

Why would it do this? Is there a simple method that I can encrypt/decrypt a query string? It doesn't need to be bank vault security, but I would like to do something.

The Muffin Man
  • 19,585
  • 30
  • 119
  • 191
  • check : http://stackoverflow.com/questions/4606376/issue-with-sending-base64-encoded-query-string-in-aasp-net – abmv May 08 '11 at 09:35
  • check : http://runtingsproper.blogspot.com/2009/10/why-aspnet-accidentally-corrupts-your.html – abmv May 08 '11 at 09:36
  • The maximum length of my query string doesn't usually exceed 10 chars. I think I'm good on that part. – The Muffin Man May 08 '11 at 09:39
  • 2
    See http://stackoverflow.com/questions/1228701/code-for-decoding-encoding-a-modified-base64-url - basically you need to use `HttpServerUtility.UrlTokenEncode/UrlTokenDecode`. – Jon Skeet May 08 '11 at 09:39
  • @Jon, So technically it will read exactly what I have in the QS and not try to run magic on it? – The Muffin Man May 08 '11 at 09:42
  • @Nick: I'm not exactly sure what you mean... what magic do you think is currently going on? – Jon Skeet May 08 '11 at 09:44
  • @John, i'm passing a string via query string, and it's not returning my qs value as literally what I have. It's replacing an = sign with %3d and a + sign with whitespace.. anyways i'm trying to work with your example : 'HttpServerUtility.UrlTokenDecode(context.Request.QueryString["q"]` how can I convert this to a string? .Tostring() doesn't work. – The Muffin Man May 08 '11 at 09:46
  • @Nick: Yes, that's because you're using a query string containing characters with a special meaning. You haven't shown the encryption/decryption code, but it should be using `byte[]` rather than `string` as the encrypted form - currently you're base64-encoding the result, whereas if you just use `UrlTokenEncode` *instead* of the call to `Convert.ToBase64String`, it will be fine. – Jon Skeet May 08 '11 at 09:52
  • @Jon, I'm using the system.web namespace and I don't see the .UrlTokenEncode. Even using control . doesn't find the appropriate namespace. – The Muffin Man May 08 '11 at 10:01
  • @Jon I quit, because here I must type all the encode/decode methods and maybe is better your solution point. – Aristos May 08 '11 at 10:02

0 Answers0