1

I am implementing email verification by sending email to user on registration. On successful registration a mail with link to "http://mydomain.com/Account/Activate/EncryptedKeyID." Sometime i got '/' or special character that cant be passed to the url. So, I use HttpUtility.UrlEncode to encode. But this does not help. When I click on the email it gives IIS error because of extra slash in "http://mydomain.com/Account/Activate/JLU/YmtRdRAFmBdqhR7tnA==". I have used Rijndael/AES for encrypt and decrypt.

My Questions are: Should i go for another encryption method? Is there any alternative?

thanks in advance for your time and help

4

1 回答 1

1

挖掘之后,我发现 HttpUtility.UrlEncode 不适用于我的情况,我必须使用 HttpServerUtility.UrlTokenEncode 因为它对 url 更安全。它不包含任何具有潜在危险的字符“+”和“/”字符,而是带有“-”和“_”。对于我的情况,我使用 var ativationLink=HttpServerUtility.UrlTokenEncode(Convert.FromBase64String(Rij.Encrypt(param)));链接添加电子邮件。

并检索我使用的原始参数

 var param= Rij.Decrypt(Convert.ToBase64String(HttpServerUtility.UrlTokenDecode(ActivationKey)));
于 2013-10-03T17:37:47.620 回答