Wednesday, May 6, 2009

Difference between Convert.ToBase64String and HttpServerUtility.UrlTokenEncode?

There are two methods for converting a string to a Base64 value:

But what is the exact differnce between them? And when do you decide the use the Convert or the Encode?

When you are going to transmit a value via a URL the method to use is the: HttpServerUtility.UrlTokenEncode() method,

This method creates a url safe value.

The original base64 string encoding follows a standard definition which uses the following characters:


 Value Encoding  Value Encoding  Value Encoding  Value Encoding
0 A 17 R 34 i 51 z
1 B 18 S 35 j 52 0
2 C 19 T 36 k 53 1
3 D 20 U 37 l 54 2
4 E 21 V 38 m 55 3
5 F 22 W 39 n 56 4
6 G 23 X 40 o 57 5
7 H 24 Y 41 p 58 6
8 I 25 Z 42 q 59 7
9 J 26 a 43 r 60 8
10 K 27 b 44 s 61 9
11 L 28 c 45 t 62 +
12 M 29 d 46 u 63 /
13 N 30 e 47 v
14 O 31 f 48 w (pad) =
15 P 32 g 49 x
16 Q 33 h 50 y

Printable Encoding Characters
Table 1

As you can see there are a few characters in this set that are already used in normal urls. To create url save string the +, / and = characters are substituted for other tokens to create a value which is usable in a URL.

The System.Convert.ToBase64 does not display this behavior which might result in a value which isn't usable in a URL, So when you Encode a value to base64 data which you are going to use in a url use HttpSeverUtility.UrlTokenEncode to create safe values


  1. Thanks for posting this.

    I had been using Convert.ToBase64String for encrypting a query string token. But, of course, it would fail whenever the encryption had a +/or= in it.

    Instead of using a hack, I found your post. So now I've my encrypt and decrypt methods to call UrlTokenEncode and UrlTokenDecode.

  2. Before you go on, here is something you should know!

    UrlTokenEncode() has some kind of bug, or something. It returns crappy characters, if you apply strings containing XML- or HTML-tags, to it. Either it can't handle \r\n (carriage return + line feed - CRLF).

    I had to send some XML-data with the HTTP-POST method, and solved the problem this way instead:


    Works great!

    // Hazz

  3. Hazz,

    What about slashes (/) in your XML? As Bob mentioned, +, / and = will cause problems in a query string, even if they are UrlEncoded.



  4. how do i replicate UrlTokenEncode on client side

  5. @Anonymous: If you need the original bytes in the client, you should probably use a url parameter and encode as a base64 string.