Problem using QueryString, replaces + with space

[Jeff]

hi

ASP.NET 3.5

the querystring of my webpage has this value:
Default.aspz?k=BQHeE3o mAmFMFGO2Jhm9A==

When I use HttpContext.Current.Request.QueryString["k"].ToString()
I get this result: BQHeE3o mAmFMFGO2Jhm9A==
(notice that the '+' is replaced with space)

I suppose to problem is in the encrypt/decrypt process, or more specific the
encrypt method which generate a value containing the '+'.

Here is the code I use to encrypt/decrypt the querystring

public sealed class CryptoString
{
public CryptoString() {}

private static byte[] savedKey = null;
private static byte[] savedIV = null;

public static byte[] Key
{
get { return savedKey; }
set { savedKey = value; }
}

public static byte[] IV
{
get { return savedIV; }
set { savedIV = value; }
}

private static void RdGenerateSecretKey(RijndaelManaged rdProvider)
{
if (savedKey == null)
{
rdProvider.KeySize = 128;
rdProvider.GenerateKey();
savedKey = rdProvider.Key;
}
}

private static void RdGenerateSecretInitVector(RijndaelManaged
rdProvider)
{
if (savedIV == null)
{
rdProvider.GenerateIV();
savedIV = rdProvider.IV;
}
}

public static string Encrypt(string originalStr)
{

byte[] originalStrAsBytes =
Encoding.ASCII.GetBytes(originalStr);
byte[] originalBytes = { };

//create MemoryStream to contain output
MemoryStream memStream = new
MemoryStream(originalStrAsBytes.Length);

RijndaelManaged rijndael = new RijndaelManaged();
RdGenerateSecretKey(rijndael);
RdGenerateSecretInitVector(rijndael);

if (savedKey == null || savedIV == null)
{
throw (new NullReferenceException("savedKey and savedIV must
not be non-null"));
}

//create encryptor, and stream objects
ICryptoTransform rdTransform =
rijndael.CreateEncryptor((byte[])savedKey.Clone(), (byte[])savedIV.Clone());
CryptoStream cryptoStream = new CryptoStream(memStream,
rdTransform, CryptoStreamMode.Write);

//write encrypted data to the memorystream
cryptoStream.Write(originalStrAsBytes, 0,
originalStrAsBytes.Length);
cryptoStream.FlushFinalBlock();
originalBytes = memStream.ToArray();

//release all resources
memStream.Close();
cryptoStream.Close();
rdTransform.Dispose();
rijndael.Clear();

//convert encrypted string
string encryptedStr = Convert.ToBase64String(originalBytes);

return (encryptedStr);
}


any suggestions?

 

[Anthony Jones]

hi

ASP.NET 3.5

the querystring of my webpage has this value:
Default.aspz?k=BQHeE3o mAmFMFGO2Jhm9A==

When I use HttpContext.Current.Request.QueryString["k"].ToString()
I get this result: BQHeE3o mAmFMFGO2Jhm9A==
(notice that the '+' is replaced with space)

I suppose to problem is in the encrypt/decrypt process, or more specific
the encrypt method which generate a value containing the '+'.

Historically + is used to replace a space in a URL string. This turned out
to be a bad call but we're kinda stuck with it. Microsoft continue to
support this encoding hence if you place a Base64 string on the URL without
URLEncoding it, on retrieval from a QueryString any + will become " ". Use
Server.URLEncode this will replace + with %2b which will correctly be
decoded for you by QueryString at the other end.

 

[Göran Andersson]

hi

ASP.NET 3.5

the querystring of my webpage has this value:
Default.aspz?k=BQHeE3o mAmFMFGO2Jhm9A==

When I use HttpContext.Current.Request.QueryString["k"].ToString()
I get this result: BQHeE3o mAmFMFGO2Jhm9A==
(notice that the '+' is replaced with space)

I suppose to problem is in the encrypt/decrypt process, or more specific the
encrypt method which generate a value containing the '+'.

No, it has nothing with the encryption to do.

The problem is that you haven't encoded the value properly when you put
it in the URL in the first place. You have to use Server.UrlEncode to
encode the special characters in the string so that it can be put in the
URL.

The plus sign is one of the ways that a space can be encoded in an URL.
It's correctly decoded into a space when you read the value from the
query string.