How to use strange characters in a query string

Question

I am using silverlight / ASP .NET and C#. What if I want to do this from silverlight for instance,

// I have left out the quotes to show you literally what the characters
// are that I want to use
string password = vtakyoj#"5
string encodedPassword = HttpUtility.UrlEncode(encryptedPassword, Encoding.UTF8);
// encoded password now = vtakyoj%23%225

URI uri = new URI("http://www.url.com/page.aspx@password=vtakyoj%23%225");

HttpPage.Window.Navigate(uri);

If I debug and look at the value of uri it shows up as this (we are still inside the silverlight app),

http://www.url.com?password=vtakyoj%23"5

So the %22 has become a quote for some reason.

If I then debug inside the page.aspx code (which of course is ASP .NET) the value of Request["password"] is actually this,

vtakyoj#"5

Which is the original value. How does that work? I would have thought that I would have to go,

HttpUtility.UrlDecode(Request["password"], Encoding.UTF8)

To get the original value.

Hope this makes sense?

Thanks.

Answer 1

If Request["password"] is to work, you need "http://url.com?password=" + HttpUtility.UrlEncode("abc%$^#@"). I.e. you need ? to separate the hostname.

Also the @ syntax is username:password@hostname, but it has been disabled in IE7 and above IIRC.

Answer 2

First lets start with the UTF8 business. Esentially in this case there isn't any. When a string contains characters with in the standard ASCII character range (as your password does) a UTF8 encoding of that string is identical to a single byte ASCII string.

You start with this:-

vtakyoj#"5

The HttpUtility.UrlEncode somewhat aggressively encodes it to:-

vtakyoj%23%225

Its encoded the # and " however only # has special meaning in a URL. Hence when you view string value of the Uri object in Silverlight you see:-

vtakyoj%23"5

Edit (answering supplementary questions)

How does it know to decode it?

All data in a url must be properly encoded thats part of its being valid Url. Hence the webserver can rightly assume that all data in the query string has been appropriately encoded.

What if I had a real string which had %23 in it?

The correct encoding for "%23" would be "%3723" where %37 is %

Is that a documented feature of Request["Password"] that it decodes it?

Well I dunno, you'd have check the documentation I guess. BTW use Request.QueryString["Password"] the presence of this same indexer directly on Request was for the convenience of porting classic ASP to .NET. It doesn't make any real difference but its better for clarity since its easier to make the distinction between QueryString values and Form values.

if I don't use UFT8 the characters are being filtered out.

Aare you sure that non-ASCII characters may be present in the password? Can you provide an example you current example does not need encoding with UTF-8?