我正在尝试使用自定义blazor页面设置重置令牌。使用生成代币效果良好
var code = await _userManager.GeneratePasswordResetTokenAsync(user);
它生成了以下代码
CfDJ8HVZ73lJc0lGiTBiTdeoRRd//Zc1LM0Q4P+8t7DLaBzwlQ2DuvY2HQ5CWE/E8b3VdlZZYIelpwwrCFz579CeCcQTf+YIPli7KpPTuUpMcTHDs5pAw3XifV7x+5Y/Q6WAPdixXuHE8We9QQRxl7Hnba2vjoJ5fCZ9FMHKpkOq3mxDhgYi/gba2Vse3/R87ztVrisEguYvYQ8h5f2MAVMiCB+H0TakjKjpj2ANAD9wQ2H8
通过邮件发送它需要编码,这可以在这个链接上看到,给我
var callbackUrl = _globals.AppUrl
+ "/user/reset/"
+ System.Web.HttpUtility.UrlEncode(code);
现在邮件发送成功,URL编码成功。然而,当打开页面时,我得到了404.11错误的
The request filtering module is configured to deny a request that contains a double escape sequence.
页面声明:
@page "/user/reset/{Code}"
示例URL:
https://localhost:44303/user/reset/CfDJ8HVZ73lJc0lGiTBiTdeoRRfumtSdRgb46HPXLklW0j42IyjqN8rv%2fapJG158YfIrR7dVRNRF2YxJydegd2CMlvm93FTcjkuBwnVPC3N9AtSigiy8VOqeW1nNrRth73urJ23D0V6M2c%2fzE1%2bTuFs8KbB%2fnCG5CE3UnFXG5HleeA%2fwtlyzLgbP4Zrbi5XZ4Q0w4%2b1j83J%2fXvQUqg%2fO5raSkmcO3cb1TGnDWz%2fwqxW%2fbNOe
问题
ASP核心标识是否包含默认情况下无法通过电子邮件发送的字符?(我假设是"+"字符(。我们能将其排除在外吗?或者是否有其他方法可以操作URL以防止出现此错误。我更喜欢打开双转义字符过滤器,因为它提高了的安全性
编辑
当对整个url进行如下编码时:
var callbackUrl = _globals.AppUrl
+ "/user/reset/"
+ code;
callbackUrl = HtmlEncoder.Default.Encode(callbackUrl);
出现404错误,因为代码包含"/",不适合我的路由
var callbackUrl =
_globals.AppUrl
+ "/user/reset/"
+ code;
**callbackUrl = HtmlEncoder.Default.Encode(callbackUrl);**
**Update for this**
var callbackUrl = _globals.AppUrl
+ "/user/reset/"
+ code;
**callbackUrl = {callbackUrl};**