Why is this url unclickable?

J

Jeff

Hi

asp.net 3.5

When user signup to my website he gets an email containing a url he needs to
click on so he can verify his identiy. Now I got some problem with this url,
I'm changing it a bit which resulted in url not being clickable
(I changed it because before I sent the username as a parameter, that is not
very good in terms of security)

This url is unclickable
Confirm.aspx?user=S0B7mEuiaYBNZcMWpXGG7g%3d%3d

but Confirm.aspx?user=crapbook
is clickable

In addition I used Server.UrlEncode on the "S0B7mEuiaYBNZcMWpXGG7g%3d%3d"
value, maybe I should have used on the enture url?

what you suggest?
 
G

Guest

Hi

asp.net 3.5

When user signup to my website he gets an email containing a url he needs to
click on so he can verify his identiy. Now I got some problem with this url,
I'm changing it a bit which resulted in url not being clickable
(I changed it because before I sent the username as a parameter, that is not
very good in terms of security)

This url is unclickable
Confirm.aspx?user=S0B7mEuiaYBNZcMWpXGG7g%3d%3d

but Confirm.aspx?user=crapbook
is clickable

In addition I used Server.UrlEncode on the "S0B7mEuiaYBNZcMWpXGG7g%3d%3d"
value, maybe I should have used on the enture url?

what you suggest?

It's a problem with your email client, I believe. If I paste this url
in Gmail, I see no problem to send such message and click on the link
once received.
 
J

Jason Keats

Jeff said:
Hi

asp.net 3.5

When user signup to my website he gets an email containing a url he needs to
click on so he can verify his identiy. Now I got some problem with this url,
I'm changing it a bit which resulted in url not being clickable
(I changed it because before I sent the username as a parameter, that is not
very good in terms of security)

This url is unclickable
Confirm.aspx?user=S0B7mEuiaYBNZcMWpXGG7g%3d%3d

but Confirm.aspx?user=crapbook
is clickable

In addition I used Server.UrlEncode on the "S0B7mEuiaYBNZcMWpXGG7g%3d%3d"
value, maybe I should have used on the enture url?

what you suggest?

Using % is unsafe.

http://www.ietf.org/rfc/rfc1738.txt

I'd use a GUID.
 
J

Jeff

the email client I use is Opera. I was testing using hotmail and used Opera
to view the emails

Considering using GUID instead, I mean use userproviderkey:
link += "?user=" + Server.UrlEncode(user.ProviderUserKey.ToString());
 
G

Guest

the email client I use is Opera. I was testing using hotmail and used Opera
to view the emails

Considering using GUID instead, I mean use userproviderkey:
link += "?user=" + Server.UrlEncode(user.ProviderUserKey.ToString());

So, if you open the email in Hotmail, do you see the link?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top