ASP.NET Core 2.2 Web API project: implement email confirmation callback url using endpoint

Question

I am trying to do something a little different to the examples provided by Microsoft (docs) with regards to generating a confirmation token and then sending out a confirmation email link to the user.

Currently I have a few steps in an CreateUserAsync controller method that creates a user, if successful generates an email confirmation token (using the GenerateEmailConfirmationTokenAsync method) - all is well to this point a seemingly valid token is generated.

Then next step is to generate a confirmation email link (using properties like Request.Scheme, Request.Host etc) which is emailed to the user using SendGrid (configured as per the Microsoft documentation) - again this step works great I am able to see a test email appear in an test Gmail account.

The problem seems to be the code (Token) that is generated - I tried using WebUtility's UrlEncode method but this does nothing to the token it remains the same and when I tried to test the URL I got a message:

The request filtering module is configured to deny a request that contains a double escape sequence

Any suggestions how I could implement the above in a Web API project (as apposed to the example on the Microsoft Doc site: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/accconfirm?view=aspnetcore-2.2&tabs=visual-studio).

Answer 1

I resolved this by changing the POST to a GET and using the [FromQuery] attribute to enable me to generate a more traditional query string parameter style URL which provides the necessary query string parameter values.

I had to also ensure I was encoding the email confirmation token when I was creating the confirmation URL using WebUtility.EncodeUrl method but I found with ASP.NET Core my controller method (that has the [FromQuery] attribute) was decoding the incoming string so I didn't need to decode on arrival - but this could be a feature in the latest version of ASP.NET Core 2.2 that I am using.