Code for decoding/encoding a modified base64 URL (in ASP.NET Framework)

Question

I want to base64 encode data to put it in a URL and then decode it within my HttpHandler.

I have found that Base64 Encoding allows for a '/' character which will mess up my UriTemplate matching. Then I found that there is a concept of a "modified Base64 for URL" from wikipedia:

A modified Base64 for URL variant exists, where no padding '=' will be used, and the '+' and '/' characters of standard Base64 are respectively replaced by '-' and '_', so that using URL encoders/decoders is no longer necessary and has no impact on the length of the encoded value, leaving the same encoded form intact for use in relational databases, web forms, and object identifiers in general.

Using .NET I want to modify my current code from doing basic base64 encoding and decoding to using the "modified base64 for URL" method. Has anyone done this?

To decode, I know it starts out with something like:

string base64EncodedText = base64UrlEncodedText.Replace('-', '+').Replace('_', '/');

// Append '=' char(s) if necessary - how best to do this?

// My normal base64 decoding now uses encodedText

But, I need to potentially add one or two '=' chars to the end which looks a little more complex.

My encoding logic should be a little simpler:

// Perform normal base64 encoding
byte[] encodedBytes = Encoding.UTF8.GetBytes(unencodedText);
string base64EncodedText = Convert.ToBase64String(encodedBytes);

// Apply URL variant
string base64UrlEncodedText = base64EncodedText.Replace("=", String.Empty).Replace('+', '-').Replace('/', '_');

I have seen the Guid to Base64 for URL StackOverflow entry, but that has a known length and therefore they can hardcode the number of equal signs needed at the end.

Fredrik Haglund · Accepted Answer · 2022-02-18 14:37:31Z

181

Also check class HttpServerUtility with UrlTokenEncode and UrlTokenDecode methods that is handling URL safe Base64 encoding and decoding.

Note 1: The result is not a valid Base64 string. Some unsafe characters for URL are replaced.

Note 2: The result differs from the base64url algorithm in RFC4648, it replaces the '=' padding with '0', '1' or '2' depending on how many equal signs it replaced to make the value safe for a query parameter.

///<summary>
/// Base 64 Encoding with URL and Filename Safe Alphabet using UTF-8 character set.
///</summary>
///<param name="str">The origianl string</param>
///<returns>The Base64 encoded string</returns>
public static string Base64ForUrlEncode(string str)
{
    byte[] encbuff = Encoding.UTF8.GetBytes(str);
    return HttpServerUtility.UrlTokenEncode(encbuff);
}
///<summary>
/// Decode Base64 encoded string with URL and Filename Safe Alphabet using UTF-8.
///</summary>
///<param name="str">Base64 code</param>
///<returns>The decoded string.</returns>
public static string Base64ForUrlDecode(string str)
{
    byte[] decbuff = HttpServerUtility.UrlTokenDecode(str);
    return Encoding.UTF8.GetString(decbuff);
}

edited Feb 18, 2022 at 14:37

answered Nov 24, 2009 at 10:26

Fredrik Haglund

2,3752 gold badges17 silver badges20 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

JoelFan Over a year ago

Won't this use % encoding for every / + and = ? This is not as efficient as the other answer

Fredrik Haglund Over a year ago

No, it replaces equal signs used for padding in the end with a number and substitutes plus and slash with minus and underscore.

ladenedge Over a year ago

Note that UrlTokenEncode is not strictly base64url, as it replaces the '=' padding with '0', '1' or '2' depending on how many equal signs it replaced.

AnthonyWJones · Accepted Answer · 2009-08-04 21:36:49Z

86

This ought to pad it out correctly:-

 base64 = base64.PadRight(base64.Length + (4 - base64.Length % 4) % 4, '=');

edited Aug 4, 2009 at 21:36

answered Aug 4, 2009 at 17:06

AnthonyWJones

190k35 gold badges236 silver badges307 bronze badges

10 Comments

Kirk Liemohn Over a year ago

Won't this add up to three '=' chars? It appears that there will only be 0, 1, or 2 of these.

AnthonyWJones Over a year ago

@Kirk: If it adds 3 characters then the base64 string is already corrupt. I guess it would be a good idea to validate the string, it should only contain the characters expected and Length % 4 != 3.

Kirk Liemohn Over a year ago

Hmmm. In trying this out, it isn't doing the trick. Still looking for answers. The number of equal signs just isn't panning out properly.

AnthonyWJones Over a year ago

Oops needed to invert the modulo.

blueling Over a year ago

@AnthonyWJones 'it should only contain the characters expected and Length % 4 != 1', right?

|

Scott · Accepted Answer · 2023-07-11 16:07:43Z

41

Not enough points to comment, but in case it helps, the code snippet that Sushil found in the link provided RFC 7515 JSON Web Signature works for when encoding Base 64 as a parameter in URL.

Copied snippet below for those that are lazy:

    static string Base64UrlEncode(byte[] arg)
    {
        string s = Convert.ToBase64String(arg); // Regular base64 encoder
        s = s.Split('=')[0]; // Remove any trailing '='s
        s = s.Replace('+', '-'); // 62nd char of encoding
        s = s.Replace('/', '_'); // 63rd char of encoding
        return s;
    }

    static byte[] Base64UrlDecode(string arg)
    {
        string s = arg;
        s = s.Replace('-', '+'); // 62nd char of encoding
        s = s.Replace('_', '/'); // 63rd char of encoding
        switch (s.Length % 4) // Pad with trailing '='s
        {
            case 0: break; // No pad chars in this case
            case 2: s += "=="; break; // Two pad chars
            case 3: s += "="; break; // One pad char
            default: throw new System.Exception(
              "Illegal base64url string!");
        }
        return Convert.FromBase64String(s); // Standard base64 decoder
    }

edited Jul 11, 2023 at 16:07

Scott

4,6441 gold badge21 silver badges28 bronze badges

answered Oct 13, 2015 at 22:40

Stefan Zvonar

4,3993 gold badges27 silver badges32 bronze badges

2 Comments

Reza Mortazavi Over a year ago

this is compatible with Xamarin for not using System.Web

Sleeping_Giant Over a year ago

Exactly what I was looking for! Really good option for Xamarin without having to pull in a library.

Community · Accepted Answer · 2021-10-07 07:13:45Z

21

I hit here while looking for code to do encode/decode for base64url encoding which is little different than base64 as explained in the question.

Found c# code snippet in this document. JSON Web Signature ietf draft

edited Oct 7, 2021 at 7:13

CommunityBot

11 silver badge

answered Jan 16, 2013 at 8:23

Sushil

5,5552 gold badges19 silver badges15 bronze badges

1 Comment

HeyZiko Over a year ago

This was the only solution that worked for me when parsing a message in the GMail API v1 (Message.Raw)

Chris Halcrow · Accepted Answer · 2016-07-28 02:40:16Z

5

In comparison to the accepted answer, here is how you would fundamentally decode a base64 encoded url, using C#:

Decode:

string codedValue = "base64encodedUrlHere";

string decoded;
byte[] buffer =  Convert.FromBase64String(codedValue);
decoded = Encoding.UTF8.GetString(buffer);

edited Jul 28, 2016 at 2:40

answered Jan 7, 2016 at 1:40

Chris Halcrow

32.5k19 gold badges202 silver badges235 bronze badges

2 Comments

Mauricio Gracia Gutierrez Over a year ago

maybe if you provide more details and comparison to the accepted answer you might get an upvote - thanks

TimTIM Wong Over a year ago

It's not a base64-encoded URL, but base64url-encoded data.

Collectives™ on Stack Overflow

Code for decoding/encoding a modified base64 URL (in ASP.NET Framework)

5 Answers 5

3 Comments

10 Comments

2 Comments

1 Comment

2 Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

3 Comments

10 Comments

2 Comments

1 Comment

2 Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related