c# – Invalid length for a Base-64 char array

c# – Invalid length for a Base-64 char array

The length of a base64 encoded string is always a multiple of 4. If it is not a multiple of 4, then = characters are appended until it is. A query string of the form ?name=value has problems when the value contains = charaters (some of them will be dropped, I dont recall the exact behavior). You may be able to get away with appending the right number of = characters before doing the base64 decode.

Edit 1

You may find that the value of UserNameToVerify has had +s changed to s so you may need to do something like so:

a = a.Replace( , +);

This should get the length right;

int mod4 = a.Length % 4;
if (mod4 > 0 )
{
    a += new string(=, 4 - mod4);
}

Of course calling UrlEncode (as in LukeHs answer) should make this all moot.

My guess is that you simply need to URL-encode your Base64 string when you include it in the querystring.

Base64 encoding uses some characters which must be encoded if theyre part of a querystring (namely + and /, and maybe = too). If the string isnt correctly encoded then you wont be able to decode it successfully at the other end, hence the errors.

You can use the HttpUtility.UrlEncode method to encode your Base64 string:

string msg = Please click on the link below or paste it into a browser 
             + to verify your email account.<br /><br /><a href=
             + _configuration.RootURL + Accounts/VerifyEmail.aspx?a=
             + HttpUtility.UrlEncode(userName.Encrypt(verify)) + >
             + _configuration.RootURL + Accounts/VerifyEmail.aspx?a=
             + HttpUtility.UrlEncode(userName.Encrypt(verify)) + </a>;

c# – Invalid length for a Base-64 char array

Im not Reputable enough to upvote or comment yet, but LukeHs answer was spot on for me.

As AES encryption is the standard to use now, it produces a base64 string (at least all the encrypt/decrypt implementations Ive seen). This string has a length in multiples of 4 (string.length % 4 = 0)

The strings I was getting contained + and = on the beginning or end, and when you just concatenate that into a URLs querystring, it will look right (for instance, in an email you generate), but when the the link is followed and the .NET page recieves it and puts it into this.Page.Request.QueryString, those special characters will be gone and your string length will not be in a multiple of 4.

As the are special characters at the FRONT of the string (ex: +), as well as = at the end, you cant just add some = to make up the difference as you are altering the cypher text in a way that doesnt match what was actually in the original querystring.

So, wrapping the cypher text with HttpUtility.URLEncode (not HtmlEncode) transforms the non-alphanumeric characters in a way that ensures .NET parses them back into their original state when it is intepreted into the querystring collection.

The good thing is, we only need to do the URLEncode when generating the querystring for the URL. On the incoming side, its automatically translated back into the original string value.

Heres some example code

string cryptostring = MyAESEncrypt(MySecretString);
string URL = WebFunctions.ToAbsoluteUrl(~/ResetPassword.aspx?RPC= + HttpUtility.UrlEncode(cryptostring));

Leave a Reply

Your email address will not be published.