C# Byte[] to Url Friendly String

Question

Hello,

I'm working on a quick captcha generator for a simple site I'm putting together, and I'm hoping to pass an encrypted key in the url of the page. I could probably do this as a query string parameter easy enough, but I'm hoping not too (just because nothing else runs off the query string)...

My encryption code produces a byte[], which is then transformed using Convert.ToBase64String(byte[]) into a string. This string, however, is still not quite url friendly, as it can contain things like '/' and '='. Does anyone know of a better function in the .NET framework to convert a byte array to a url friendly string?

I know all about System.Web.HttpUtility.UrlEncode() and its equivalents, however, they only work properly with query string parameters. If I url encode an '=' inside of the path, my web server brings back a 400 Bad Request error.

Anyways, not a critical issue, but hoping someone can give me a nice solution

**EDIT: Just to be absolutely sure exactly what I'm doing with the string, I figured I would supply a little more information.

The byte[] that results from my encryption algorithm should be fed through some sort of algorithm to make it into a url friendly string. After this, it becomes the content of an XElement, which is then used as the source document for an XSLT transformation, and is used as a part of the href attribute for an anchor. I don't believe the xslt transformation is causing the issues, since what is coming through on the path appears to be an encoded query string parameter, but causes the HTTP 400

I've also tried HttpUtility.UrlPathEncode() on a base64 string, but that doesn't seem to do the trick either (I still end up with '/'s in my url)**

Answer 1

Have a look at System.BitConverter.ToString(myByteArray)

Handy for one way encoding for things like hashes but as pointed out by ssg it's not very efficient. I wouldn't recommend it for large amounts of data.

Answer 2

Base64 has these characters: +, /, =

Step 1: Trim away the "="s since they are used for padding the output. str.Trim(new char[] {'='});. Base64 decoder should be able to get away without them.

Step 2: "/" is ok in the URL string in the query section (after "?"). i.e. http://www.google.com/?q=/some/ (Request.QueryString["q"] == "/some/"). EDIT: You mentioned the string is in path, then you have to do anohter replace for "/" to "%2F".

Step 3: Replace "+"s with "%2B". str.Replace("+", "%2B");

So final code would be:

str = str.Trim(new char[] {'='}).Replace("+", "%2B").Replace("/", "%2F");

You're done.

Answer 3

if you're working on a quick captcha for a simple site you're putting together, why are you writing it from scratch instead of using something that has been tried and tested like recaptcha?

Answer 4

You're looking for HttpServerUtility.UrlTokenEncode and HttpServerUtility.UrlTokenDecode, in System.Web.

They encode in base64, replacing the potentially dangerous '+' and '/' chars with '-' and '_' instead.

MSDN documentation