dealing with an encrypted HttpUtility.UrlEncode parameter

I have a problem dealing with encrypted URL parameters when applying HttpUtility.UrlEncode or UrlDecode.

for a given url string: ?fid=7kqguwhYMNw=&uid=YCRSGG71+58= the PLUS sign which is part of the encrypted data of uid is stripped out and replaced with a space so my attempts to decrypt it fail.

OK, so I know that the + is a reserved sho开发者_如何学编程rthand for space in QUERYSTRING(RFC 1630) but since I don't have too much control over the value that is returned from encryption how can I get around this.

EDIT: OK, so good point brought up. Ignore the UrlEncode/UrlDecode part of the question. Request.QueryString(["uid"]) will still have the plus sign stripped out of it when I pass it to my decryption method.

I would suggest adding code to remove the = characters, replace + with -, and replace / with .

s = s.Replace("=", "").Replace("+", "-").Replace("/", ".")

If you need to process the resulting string, you can do the reverse:

s = s.Replace(".", "/").Replace("-", "+")

(there is no reason to put back the = characters... they are merely padding).

That way you don't need to worry about URL encoding and decoding and it avoids unnecessary expansion of your string. It also looks more professional to users if they end up seeing the URL... percent signs in URL are ugly and almost always unnecessary... it screams "amateur" whenever I see them.

The Base-64 encoded value needs to be URL-encoded before it is put in the URL. If I do HttpUtility.UrlEncode("YCRSGG71+58=") then I get YCRSGG71%2b58%3d - which has no plus signs, and can be correctly decoded.

In other words, the code that is putting a base-64 value on the URL without encoding it first is wrong. If you control that code, you should change it. If you don't control that code, then don't try to decode something that wasn't url-encoded in the first place.

As a side remark, you should use HttpUtility.UrlEncode and HttpUtility.UrlDecode for this kind of work. However, even these wont help you since the URL is malformed anyway.

So, don't use anything at all! Since it's not encoded, why decode it?