Retrieval of input type=password Request.Form["strPassword"] gives null

Question

Are there any special considerations trying to read up data from an HTML form where the element is an input type="Password"? When a ColdFusion page POSTs my handler with form data I am getting null for the password instead of the typed value.

Here is the key line from the larger block below:

string password = context.Request.Form["strPassword"];

I have an HTTPHandler.ashx code file that performs an upload of a file when posted. Here is the key snippet of this code:

        string username = context.Request.Form["strUsername"];
        if (String.IsNullOrEmpty(username))
        {
            IdentifyInvoker = GetUserInfo();
            brokerService = new Broker.FileService();
        }
        else
        {
            string password = context.Request.Form["strPassword"];
            string domain = context.Request.Form["strDomain"];
            IdentifyInvoker = GetInvokerInfoFromForm(username, password, domain);
            brokerService = new Broker.FileService(username,password,domain);
        }

The form from which the above code is posted (from ColdFusion) looks like this:

<b>User Name</b> <input type="text" name="strUsername" id="strUsername" size="13" />   
<b>Password</b> <input type="Password" name="strPassword" id="strPassword" size="15" />   
<b>Domain</b> <input type="text" name="strDomain" id="strDomain" size="13" value="cbmiweb" />

I was able to trap this with the debugger and was shocked to see that after this: string password = context.Request.Form["strPassword"];

... password = null

In the immediate window, sure enough:

?context.Request.Form["strPassword"]
null

If I examine the entire Form collection in the debugger, I see the proper values laid out (separated by &) and none of the important data elements is null (but strangely the data contains a plus sign in front of the equal sign)! Here is a snippet from the immed window:

&strUsername=johna&strPassword+=xxxxxxxx&strDomain+=cbmiweb}

I have an ASP.NET client that POSTs to this same HTTPHandler and that works fine. Here the same form data shows without the interfering PLUS signs:

&strUsername=johna&strPassword=xxxxxxxx&strDomain=cbmiweb}

Any ideas on what causes this and how to retrieve the form data when it's formatted with the intervening PLUS signs?

EDIT: Both the ASP.NET form and the ColdFusion form specify enctype="multipart/form-data" yet the latter embeds these PLUS signs.

Answer 1

Plus sign is the problem, it should not have been there, is your coldfusion forwarding request to your page or it is using its internal http request engine to do so?

Plus sign appears due to white space, please check in your coldfusion if any string concatenation caused white spaces to be inserted in your posted data?