views:

469

answers:

3

I am Encrypted using AES and passing in querystring, will Html.Encode convert all the characters properly such that calling Decode will result in the same string?

+1  A: 

HTML encoding is different from URL encoding. HTML encoding is used when you want to output a URL in an HTML document. It escapes HTML stuff. To output a URL in an HTML page you should first URL encode the values to generate a valid URL and then HTML encode it when you want to write it in an HTML page.

Use HttpUtility.UrlEncode. Alternatively, you could first convert the byte[] to base64 using Convert.ToBase64String and then encode it using HttpUtility.UrlEncode. It's likely to generate a shorter URL.

Mehrdad Afshari
My encrypted string has a + in it, and it seems the + is being lost during the urlencoding/decoding. Is that possible?
(I am first doing a ToBase64String and then urlencoding it.)
UrlEncoding should encode + to its equivalent value(%2b). By the way, you shouldn't encode the whole URL. You should only encode the parameters in the URL.
Mehrdad Afshari
A: 

Calling HttpUtility.UrlEncode before putting it in the query string will encode it correctly.

On the receiving side, the QueryString property already decodes the values, so you shouldnt call any decoding methods (other than Convert.FromBase64String)

SLaks
A: 

AES encrypts in a byte oriented fashion. To transmit bytes in the query string you'll need to convert it to text. One way to do that is to use Convert.ToBase64String().

Once it has been converted to text you'll need to make sure any non-alphanumerics are encoded properly via UrlEncode().

On the receiving end if it's already UrlDecoded() you should be able to convert the text into an encrypted byte stream via Convert.FromBase64String() then decrypt the resulting byte array.

Arnshea