One of our programmer friends asked this question recently:
I want to send an email to my site user once he clicks a button. This email will contain a link with the userID of a user in the link URL (as a query param of the link). Once the user clicks this email link, my server-side code will parse and decrypt the userID query string key to get the user ID and perform some action on it. I cannot use base64 encoding as it can be reversed and 'hackers' can get to know the real userID. I have to encrypt the ID, but when I am using AES algorithms (with salt) for encryption, the encrypted text is not "understandable" by the browser, i.e. I cannot pass the encrypted userId text as a part of the URL because it contains un-encoded characters like "/" which the browser cannot bypass. One option I can think of is to base64 encode the encrypted text once I send it across via URL. Then I can base64 decode and decrypt it. Is this a viable approach and will it work in all cases?
When sending encrypted text in a URL, the encoding has to be URL-friendly. Standard base64 encoding is *not* URL-friendly: it contains characters like "/" that can break a URL. One option is to send the URL-safe variant, which uses '-' and '_' in place of '+' and '/', and convert it back to standard base64 on the server with the string replace below before decoding:
string base64EncodedText = base64UrlEncodedText.Replace('-', '+').Replace('_', '/');
But the best option is to use Uri.EscapeDataString(), as shown below:
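string key = sc.Encrypt(inputText);             // sc is the page's own encryption helper
string urlSafeKey = Uri.EscapeDataString(key);  // percent-encodes '/', '+' and '=' for the query string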
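The approach the question proposes (encrypt, then encode for the URL), shown end to end as an added example that is not code from the original post. It uses AES-GCM so that a link modified in transit is rejected rather than decrypted to a different ID, and the URL-safe base64 alphabet rather than percent-escaping. Assumptions: .NET 8 or later; `UserIdLink`, `Protect`, `TryUnprotect`, the example.com URL and the user ID "10482" are hypothetical names and constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Demo with constructed values; in practice the key comes from a secret store.
byte[] key = RandomNumberGenerator.GetBytes(32);
string token = UserIdLink.Protect("10482", key);
Console.WriteLine($"https://example.com/confirm?u={token}");
Console.WriteLine(UserIdLink.TryUnprotect(token, key, out string id) ? id : "rejected");
string tampered = (token[0] == 'A' ? "B" : "A") + token.Substring(1);
Console.WriteLine(UserIdLink.TryUnprotect(tampered, key, out _) ? "accepted" : "rejected");

static class UserIdLink   // hypothetical helper, not a framework type
{
    const int NonceLen = 12, TagLen = 16;   // AES-GCM nonce and tag sizes in bytes

    public static string Protect(string userId, byte[] key)
    {
        byte[] plain = Encoding.UTF8.GetBytes(userId);
        byte[] buf = new byte[NonceLen + plain.Length + TagLen];   // nonce | ciphertext | tag
        RandomNumberGenerator.Fill(buf.AsSpan(0, NonceLen));        // fresh random nonce per link
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(buf.AsSpan(0, NonceLen), plain,
                    buf.AsSpan(NonceLen, plain.Length), buf.AsSpan(NonceLen + plain.Length));
        // Standard base64 -> URL-safe alphabet, '=' padding dropped.
        return Convert.ToBase64String(buf).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Returns false for malformed or modified tokens instead of throwing.
    public static bool TryUnprotect(string token, byte[] key, out string userId)
    {
        userId = string.Empty;
        try
        {
            // URL-safe alphabet -> standard base64, padding restored for the decoder.
            string s = token.Replace('-', '+').Replace('_', '/');
            byte[] raw = Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
            if (raw.Length < NonceLen + TagLen) return false;
            byte[] plain = new byte[raw.Length - NonceLen - TagLen];
            using var aes = new AesGcm(key, TagLen);
            aes.Decrypt(raw.AsSpan(0, NonceLen), raw.AsSpan(NonceLen, plain.Length),
                        raw.AsSpan(NonceLen + plain.Length), plain);
            userId = Encoding.UTF8.GetString(plain);
            return true;
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException) { return false; }
    }
}
```

The token contains only letters, digits, '-' and '_', so it can be placed in the query string without further escaping.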