0

I have a client that Connects to Asp.net Webapi2,Using Identity & OAuth2 for Authentication.
In Authentication Process , whenever Password Field Contains '+' character.The Server Just Ignore this Character!!!(And Most Other Sign Chars Mentioned In Test below)

string data = "grant_type=password&username=" + username + "&password=" + password; byte[] bytes = System.Text.Encoding.UTF8.GetBytes(data); data.PostToUrl();//This Is just pseudoCode

In Server Debug:
Sent Data : password=test+1
Received Data : password=test 1
 test2
Sent Data : "+_)(&^%$#@!~"
Received Data :" _)("

Thanks.

Improve this question
5
  • You have to encode it to '%2b' edit: on phone idk how to do the correct format for code in comments from here since I can't do the characters so ignore the ' Commented Oct 1, 2015 at 5:31
  • Not just in this case, it is good to encode parameters (posted in request body or sent through querystring). Commented Oct 1, 2015 at 5:34
  • As query strings might end up in logfiles, you might consider moving the username and password to the post data instead to keep them secure. That will fix your encoding issue too. Commented Oct 1, 2015 at 5:36
  • Data Is Sent With POST method, as mentioned in title Commented Oct 1, 2015 at 5:39
  • It's the same, except for that the data is not stored in the url, it's store in the content body. Commented Oct 1, 2015 at 5:54

2 Answers 2

Reset to default
2

What is the issue? With HTTP URL a + is equivalent to a space. In fact %20 can also be used.

When sending data in a query always use UrlEncode; as in

var q = string.Format("grant_type=password&username={0}&password={1}", HttpUtility.UrlEncode(username), HttpUtility.UrlEncode(password));
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I use POST, Why shoud I care about HTTP URL?
You haven't shown the POST code. But I suspect the Content-Type is application-x-www-form-urlencoded, so you must follow the rules.
Yes It is,Thanks I got it.
What About Content-Type:application/json ? no need to URLEncode?
No, but you would have to encode as JSON and does the service accept JSON? Also JSON expects UTF-8 by default.
2

HttpServerUtility.UrlEncode

this will help solve the problem with special characters such as + anad #

To use it you'll need to add a reference to System.Web (Project Explorer > References > Add reference > System.Web)

Once you've done that you can use it to encode any items you wish

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.