views:

220

answers:

2

I am using silverlight / ASP .NET and C#. What if I want to do this from silverlight for instance,

// I have left out the quotes to show you literally what the characters
// are that I want to use
string password = vtakyoj#"5
string encodedPassword = HttpUtility.UrlEncode(encryptedPassword, Encoding.UTF8);
// encoded password now = vtakyoj%23%225

URI uri = new URI("http://www.url.com/page.aspx@password=vtakyoj%23%225");

HttpPage.Window.Navigate(uri);

If I debug and look at the value of uri it shows up as this (we are still inside the silverlight app),

http://www.url.com?password=vtakyoj%23"5

So the %22 has become a quote for some reason.

If I then debug inside the page.aspx code (which of course is ASP .NET) the value of Request["password"] is actually this,

vtakyoj#"5

Which is the original value. How does that work? I would have thought that I would have to go,

HttpUtility.UrlDecode(Request["password"], Encoding.UTF8)

To get the original value.

Hope this makes sense?

Thanks.

A: 

If Request["password"] is to work, you need "http://url.com?password=" + HttpUtility.UrlEncode("abc%$^#@"). I.e. you need ? to separate the hostname.

Also the @ syntax is username:password@hostname, but it has been disabled in IE7 and above IIRC.

Mark Hurd
Right. I made a mistake. It has nothing to do with @. I have totally changed the question
peter
+1  A: 

First lets start with the UTF8 business. Esentially in this case there isn't any. When a string contains characters with in the standard ASCII character range (as your password does) a UTF8 encoding of that string is identical to a single byte ASCII string.

You start with this:-

vtakyoj#"5

The HttpUtility.UrlEncode somewhat aggressively encodes it to:-

vtakyoj%23%225

Its encoded the # and " however only # has special meaning in a URL. Hence when you view string value of the Uri object in Silverlight you see:-

vtakyoj%23"5

Edit (answering supplementary questions)

How does it know to decode it?

All data in a url must be properly encoded thats part of its being valid Url. Hence the webserver can rightly assume that all data in the query string has been appropriately encoded.

What if I had a real string which had %23 in it?

The correct encoding for "%23" would be "%3723" where %37 is %

Is that a documented feature of Request["Password"] that it decodes it?

Well I dunno, you'd have check the documentation I guess. BTW use Request.QueryString["Password"] the presence of this same indexer directly on Request was for the convenience of porting classic ASP to .NET. It doesn't make any real difference but its better for clarity since its easier to make the distinction between QueryString values and Form values.

if I don't use UFT8 the characters are being filtered out.

Aare you sure that non-ASCII characters may be present in the password? Can you provide an example you current example does not need encoding with UTF-8?

AnthonyWJones
It turns out that it is not causing a problem as such, but I just want to know that what I am seeing is OK. In the ASP .NET application if I look at the value of Request["password"] I get vtakyoj#"5. I would expect to get vtakyoj%23%225 and then have to call HttpUtility.UrlDecode(Request["password"], Encoding.UTF8); to get the original value back. What am I actually seeing here? Does Request["Password"] automatically decode it?
peter
@peter: Yes it is decoding for you.
AnthonyWJones
How does it know to decode it? What if I had a real string which had %23 in it? Does it just decode it anyway? That would be annoying. Is that a documented feature of Request["Password"] that it decodes it? I am dealing with something here which I thought was an issue / error, but it is fine actually. Everything is good, and working as expected.
peter
Also you as saying this 'First lets start with the UTF8 business. Esentially in this case there isn't any'. But if I don't use UFT8 the characters are being filtered out. But I think what you are saying is that the fact that HttpUtility.UrlEncode is aggressive is what is making it work for me.
peter
I just need to be 100% sure of what is going on here, or else it will bite me in the bum.
peter
@peter: Answers to your other questions added to this answer.
AnthonyWJones
Thanks, but ... The example I give is the one that fails if I don't encode to UTF8. If the characters # and " are part of the query string they end up not present in the ASP. NET application.
peter
Something along the lines filters those characters out, and I guess it doesn't matter if those characters need encoding as UTF8 or not.
peter