Wednesday, May 6, 2009

Difference between Convert.ToBase64String and HttpServerUtility.UrlTokenEncode?

There are two methods for converting a string to a Base64 value:

But what is the exact differnce between them? And when do you decide the use the Convert or the Encode?

When you are going to transmit a value via a URL the method to use is the: HttpServerUtility.UrlTokenEncode() method,

This method creates a url safe value.

The original base64 string encoding follows a standard definition which uses the following characters:

From:

http://www.ietf.org/rfc/rfc1421.txt

 Value Encoding  Value Encoding  Value Encoding  Value Encoding
      0 A            17 R            34 i            51 z
      1 B            18 S            35 j            52 0
      2 C            19 T            36 k            53 1
      3 D            20 U            37 l            54 2
      4 E            21 V            38 m            55 3
      5 F            22 W            39 n            56 4
      6 G            23 X            40 o            57 5
      7 H            24 Y            41 p            58 6
      8 I            25 Z            42 q            59 7
      9 J            26 a            43 r            60 8
     10 K            27 b            44 s            61 9
     11 L            28 c            45 t            62 +
     12 M            29 d            46 u            63 /
     13 N            30 e            47 v
     14 O            31 f            48 w         (pad) =
     15 P            32 g            49 x
     16 Q            33 h            50 y

                 Printable Encoding Characters
                            Table 1

As you can see there are a few characters in this set that are already used in normal urls. To create url save string the +, / and = characters are substituted for other tokens to create a value which is usable in a URL.


The System.Convert.ToBase64 does not display this behavior which might result in a value which isn't usable in a URL, So when you Encode a value to base64 data which you are going to use in a url use HttpSeverUtility.UrlTokenEncode to create safe values

Posted by op
Tags: ,

5 comments:

  1. Bob MacNealMay 6, 2009 at 8:39 PM

    Thanks for posting this.

    I had been using Convert.ToBase64String for encrypting a query string token. But, of course, it would fail whenever the encryption had a +/or= in it.

    Instead of using a hack, I found your post. So now I've my encrypt and decrypt methods to call UrlTokenEncode and UrlTokenDecode.

    ReplyDelete
  2. AnonymousMay 15, 2009 at 12:28 AM

    Before you go on, here is something you should know!

    UrlTokenEncode() has some kind of bug, or something. It returns crappy characters, if you apply strings containing XML- or HTML-tags, to it. Either it can't handle \r\n (carriage return + line feed - CRLF).

    I had to send some XML-data with the HTTP-POST method, and solved the problem this way instead:

    HttpUtility.UrlEncode(Convert.ToBase64String(Encoding.UTF8.GetBytes("Hello\r\nWorld!");

    Works great!


    // Hazz

    ReplyDelete
  3. Jean-FrançoisDecember 7, 2009 at 7:07 PM

    Hazz,

    What about slashes (/) in your XML? As Bob mentioned, +, / and = will cause problems in a query string, even if they are UrlEncoded.

    Cheers!

    JF

    ReplyDelete
  4. AnonymousAugust 21, 2013 at 7:42 PM

    how do i replicate UrlTokenEncode on client side

    ReplyDelete
  5. Chris StevensonNovember 13, 2013 at 8:57 PM

    @Anonymous: If you need the original bytes in the client, you should probably use a url parameter and encode as a base64 string.

    ReplyDelete

Subscribe to: Post Comments (Atom)