Error HTTP 404.11 passing account activation Token by querystring

Question

I'm trying to implement password reset funcionallity. I use the ASP.NET Identity.

I am using the UserManager.GetConfirmationToken that returns a token like this:

UW/cj4xUj08kiGCntnWs7z1eUcWlyfNczH5IZfvf0ScTi4L1jgdkkus/Zb5ROJOWb%2b1XAVRSiBUvVGnESfEyauDDa4u%2bPDUH6D/CIpwPcFYRvLi%2b%2bq6f%2bRIhKHRTsGMV0y8lXpSZ5VqySWGSSaW9kofGage/IjW4HrvONeEtA4Szov3u7HgmqEUf0yzgivJ0

Then, I compose my URL and I send it by Email to the registered user. The url to activate the account is like this:

http://localhost:4322/Account/Confirm/UW/cj4xUj08kiGCntnWs7z1eUcWlyfNczH5IZfvf0ScTi4L1jgdkkus/Zb5ROJOWb%2b1XAVRSiBUvVGnESfEyauDDa4u%2bPDUH6D/CIpwPcFYRvLi%2b%2bq6f%2bRIhKHRTsGMV0y8lXpSZ5VqySWGSSaW9kofGage/IjW4HrvONeEtA4Szov3u7HgmqEUf0yzgivJ0

When I click, this error occurs:
Error HTTP 404.11 - Double escape sequence issue

Answer 1

You may need to encode URL using httputility.urlencode

Answer 2

The underlying problem here is trying to add confirmation code to the path. Whereas it should be sent via querystring. So it should be like this

http://localhost:4322/Account/Confirm?code=UW/cj4xUj08kiGCntnWs7z1eUcWlyfNczH5IZfvf0ScTi4L1jgdkkus/Zb5ROJOWb%2b1XAVRSiBUvVGnESfEyauDDa4u%2bPDUH6D/CIpwPcFYRvLi%2b%2bq6f%2bRIhKHRTsGMV0y8lXpSZ5VqySWGSSaW9kofGage/IjW4HrvONeEtA4Szov3u7HgmqEUf0yzgivJ0

This will save day whose tries to solve this problem.

I found the answer at this comment : http://blogs.msdn.com/b/webdev/archive/2014/03/20/test-announcing-rtm-of-asp-net-identity-2-0-0.aspx?PageIndex=1#comments Thanks to pranav rostgi

Answer 3

Your token contains / symbols wich are being parsed as a path to some server page. You can either encode it somehow (maybe base64) and use as query string parameter like ...?token=.... Or change token generations so it will contain only good symbols

Answer 4

Make sure you aren't double encoding the token, so you can do something like this to send the email:

                string code = await UserManager.GetConfirmationToken(user.Id);
                var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
                await SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking this link: <a href=\"" + callbackUrl + "\">link</a>");