I’ve a very strange problem (using SL5, WCF DataServices 5.0.1):
I’ve a ServiceOperation with 2 String parameters (Username, Password) which checks if the users exists
public IQueryable<User> Login(string username, string password)
{...}
When I try to call this everythings works fine, except the case that the password-hash contains a ‘+’ character in it. In this case, it seems if it is replaced by a whitespace-character:
var pwd = CRQWKrKzCcQVnlhk2zl0j5QM+c5ujQGMv0XXnh4genI=
this.Context.BeginExecute<User>(new Uri(string.Format("/Login?username='{0}'&password='{1}'", username, pwd), UriKind.Relative), (ar) => { .. }, null);
If I grab that with Fiddler, the Request-Header seems ok to me…
GET /Service.svc/Login?username='xyz'&password='CRQWKrKzCcQVnlhk2zl0j5QM+c5ujQGMv0XXnh4genI=' HTTP/1.1
But in the WebForms-Tab the Password-QueryString already has a whitespace instead of the ‘+’. Same result if I debug that on the Server…
Does anyone of you know why the ‘+’ is replaced?
Are there other invalid characters?
How can I avoid that?
Update/EDIT :
Surprisingly the following query works as expected:
var query = (DataServiceQuery<User>) from c in this.Context.Users
where
c.Username.Equals(username.ToLower()) &&
c.Password.Equals(Cryptography.ComputeSha256Hash(password + username.ToLower()))
select c;
Thanks in advance!
Thanks to Mark Stafford for the Hint.
I’ve now a solution for this problem:
The Query will now look like this:
And on the Server the equivalent unsecaping:
See http://www.codebadger.com/blog/post/2010/08/10/Use-EscapeUriString-instead-of-UrlEncode-for-Silverlight.aspx