0

I've got a form with a continue link that is sent by email. In this link I've added some sensitive encrypted data that is encoded by Base64. The value contains a slash which is encoded into %2F (with a Server.UrlEncode). When I send the link to a Windows Live address I see that Outlook.com decodes the %2F back into a forward slash. How can I prevent this?

I'm sending:
<a href="http://www.tempuri.com/key=RVQ%2FcGhvbmVfaG9tZSE%3D">Continue</a>

But I'm seeing:
<a href="http://www.tempuri.com/key=RVQ/cGhvbmVfaG9tZSE=%3D">Continue</a>

It can be reproduced by sending the link http://www.tempuri.com/key=RVQ%2FcGhvbmVfaG9tZSE%3D from any mail client to the Windows Live address.

Kees C. Bakker
  • Please provide a snapshot of your code so that we may help! – Ashraf Bashir Mar 26 '13 at 10:32
  • Just to be clear, Base64 encoding doesn't provide any sort of encryption whatsoever, and anybody can decode it. Use the MachineKey.Protect static method if you need to perform encryption. – Levi Mar 26 '13 at 15:28

1 Answer

0

You can try to encode the value twice.

So RVQ/cGhvbmVfaG9tZSE= is encoded as RVQ%2FcGhvbmVfaG9tZSE%3D --> this was your value.

Now encode this, and you get RVQ%252FcGhvbmVfaG9tZSE%253D --> the email client won't decode %252F to a slash so your problem is gone.

Just don't forget to decode the value twice ;-)

Erik Dekker
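The round trip discussed in this thread, as an added example that is not part of the original question or answer: it compares single encoding, the double encoding from the answer, and (going beyond the thread) the URL-safe Base64 alphabet, which leaves nothing for a mail client to rewrite. `mail_client_rewrite` is a constructed model of the behaviour the question describes, and all function names are hypothetical.

```python
import base64
from urllib.parse import quote, unquote

SAMPLE = "RVQ/cGhvbmVfaG9tZSE="  # Base64 value from the question


def mail_client_rewrite(url_part: str) -> str:
    """Constructed model of the reported rewrite: %2F becomes a literal '/'."""
    return url_part.replace("%2F", "/").replace("%2f", "/")


def encode_once(value: str) -> str:
    """Percent-encode every reserved character, including '/'."""
    return quote(value, safe="")


def encode_twice(value: str) -> str:
    """The answer's suggestion: percent-encode the encoded value again."""
    return encode_once(encode_once(value))


def decode_twice(value: str) -> str:
    """Counterpart of encode_twice on the receiving side."""
    return unquote(unquote(value))


def to_base64url(data: bytes) -> str:
    """URL-safe Base64 ('-' and '_' replace '+' and '/'), padding stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def from_base64url(token: str) -> bytes:
    """Restore the stripped '=' padding, then decode."""
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


def delivered_intact(sent: str, decode, original) -> bool:
    """True if the rewritten link has no stray '/' and still decodes to original."""
    received = mail_client_rewrite(sent)
    return "/" not in received and decode(received) == original


if __name__ == "__main__":
    raw = base64.b64decode(SAMPLE)  # the bytes behind the Base64 text
    print("once :", delivered_intact(encode_once(SAMPLE), unquote, SAMPLE))
    print("twice:", delivered_intact(encode_twice(SAMPLE), decode_twice, SAMPLE))
    print("b64url:", delivered_intact(to_base64url(raw), from_base64url, raw))
```
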