Why is this url unclickable?

  • Thread starter: Jeff

Jeff

Hi

asp.net 3.5

When a user signs up to my website he gets an email containing a url he needs to
click on so he can verify his identity. Now I got some problem with this url,
I'm changing it a bit which resulted in the url not being clickable
(I changed it because before I sent the username as a parameter, that is not
very good in terms of security)

This url is unclickable
Confirm.aspx?user=S0B7mEuiaYBNZcMWpXGG7g%3d%3d

but Confirm.aspx?user=crapbook
is clickable

In addition I used Server.UrlEncode on the "S0B7mEuiaYBNZcMWpXGG7g%3d%3d"
value, maybe I should have used it on the entire url?

What do you suggest?
 
It's a problem with your email client, I believe. If I paste this url
in Gmail, I see no problem sending such a message and clicking on the link
once received.
 
Using % is unsafe.

http://www.ietf.org/rfc/rfc1738.txt

I'd use a GUID.
 
The email client I use is Opera. I was testing using Hotmail and used Opera
to view the emails.

Considering using GUID instead, I mean use userproviderkey:
link += "?user=" + Server.UrlEncode(user.ProviderUserKey.ToString());
 
So, if you open the email in Hotmail, do you see the link?
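
Added example, not part of the original thread or any poster's code: the value in the question is Base64, and its trailing "==" padding is what Server.UrlEncode turns into %3d%3d. One way to build a confirmation token that needs no percent-escapes at all is the URL-safe Base64 alphabet without padding. The class and method names are hypothetical, and storing a random per-signup token server-side (rather than sending the encrypted username or the ProviderUserKey) is an assumption of this example.

```csharp
using System;
using System.Security.Cryptography;

public static class ConfirmToken
{
    // Base64 with '-' and '_' instead of '+' and '/', and no '=' padding,
    // so the result contains only characters that are literal in a query string.
    public static string ToUrlToken(byte[] data)
    {
        return Convert.ToBase64String(data)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Reverses ToUrlToken: restore the alphabet and the padding, then decode.
    public static byte[] FromUrlToken(string token)
    {
        string b64 = token.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return Convert.FromBase64String(b64);
    }

    // Assumption: a fresh 16-byte random value is saved with the pending
    // account and compared when Confirm.aspx is requested.
    public static string NewToken()
    {
        byte[] bytes = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(bytes); // OS CSPRNG, available in .NET 3.5
        return ToUrlToken(bytes);
    }

    public static void Main()
    {
        // Value from the thread, as it was before Server.UrlEncode
        // replaced "==" with "%3d%3d".
        byte[] original = Convert.FromBase64String("S0B7mEuiaYBNZcMWpXGG7g==");
        string token = ToUrlToken(original);
        Console.WriteLine("Confirm.aspx?user=" + token);

        // Round trip: the page handler recovers the same 16 bytes.
        byte[] decoded = FromUrlToken(token);
        Console.WriteLine(Convert.ToBase64String(decoded) == "S0B7mEuiaYBNZcMWpXGG7g==");

        // A new random token in the same escape-free form.
        Console.WriteLine("Confirm.aspx?user=" + NewToken());
    }
}
```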
 