Introduction
Web-logging, also known as blogging, is a new technology that allows you to publish your ideas to the world quickly. This has been a trend for the last several months. This article will show you how to post blogs to LiveJournal.com programmatically using C#, so that you can implement the functionality in your own application.
You need some familiarization with C# in order to understand the code.
Background
LiveJournal.com is one of the most popular free blog hosts today. That's why I chose this as code sample, because more people can benefit from it. You can always get a free LiveJournal blog account here.
The code provided here allows you to blog programmatically. You can go straight to the code. However, I would also like to show you how it works behind the scene.
You are probably familiar with blogging. If you are not, let me take you through the process of blogging, step-by-step using your mouse and keyboard.
In general, these are the steps you need to do, to blog manually:
- Go to the blog host's homepage.
- Log-in using your username and password (i.e., "my_favorite_username" and "my_favorite_password").
- Enter your blog's subject and your blog's body (i.e., "This is a title." and "This is a message body."), click Submit.
- Check your blog (i.e., going to http://www.livejournal.com/users/your_favorite_username/).
The fact is, only 2nd and 3rd are necessary in the code. These are the two major steps, in which you have to send data to the blog host.
So, what's behind the scene?
Here are the steps performed by your browser, and the code I am going to provide does the following using C#:
- Send a
HttpWebRequest including username and password.
- Receive a password validation response from the blog server.
- If log-in is successful, store the response's cookies.
- Send another
HttpWebRequest including the previously stored cookies, a blog title and a message body.
Using the code
I will show you the most important section of the code. This block of code allows you to send your username and password to the blog server, i.e. the log-in process. After successfully logging-in, you may use similar code to send the blog title and the message body to the blog server. Comments have been added to the code:
public bool Login(string username, string password)
{
try
{
string url =
string.Format("http://www.livejournal.com/login.bml");
HttpWebRequest request =
(HttpWebRequest) WebRequest.Create(url);
request.UserAgent = "Mozilla/5.0 (Windows; U; "
+ "Windows NT 5.1; en-US; rv:1.7) "
+ "Gecko/20040707 Firefox/0.9.2";
request.Method = "POST";
request.Accept =
"text/xml,application/xml,application/xhtml+xml,"
+ "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
request.KeepAlive = true;
request.ContentType = @"application/x-www-form-urlencoded";
request.Referer =
string.Format("http://www.livejournal.com/login.bml?nojs=1");
request.CookieContainer = cookieContainer;
string postData =
string.Format("response=&user={0}&"
+ "password={1}&expire=close&"
+ "bindip=no&action%3Alogin=Log+in...", username,"
+ " password);
request.Method="POST";
byte [] postBuffer =
System.Text.Encoding.GetEncoding(1252).GetBytes(postData);
request.ContentLength = postBuffer.Length;
Stream postDataStream = request.GetRequestStream();
postDataStream.Write(postBuffer,0,postBuffer.Length);
postDataStream.Close();
HttpWebResponse response =
(HttpWebResponse) request.GetResponse();
response.Cookies =
request.CookieContainer.GetCookies(request.RequestUri);
Cookies.Add(response.Cookies);
Encoding enc = System.Text.Encoding.UTF8;
StreamReader responseStream =
new StreamReader(response.GetResponseStream(), enc, true);
string responseHtml = responseStream.ReadToEnd();
response.Close();
responseStream.Close();
foreach (Cookie c in response.Cookies)
{
Debug.WriteLine(string.Format("{0}: {1}", c.Name, c.Value));
}
string successString =
"you are now logged in to LiveJournal.com";
if (responseHtml.IndexOf(successString) >= 0)
{
return true;
}
else
{
return false;
}
}
catch (Exception)
{
return false;
}
}
And here is the code, to call this function in my main application:
static void Main(string[] args)
{
string username = "YOUR LIVEJOURNAL USERNAME";
string password = "YOUR LIVEJOURNAL PASSWORD";
string subject = "This is subject";
string body = "This is a message body";
LiveJournal lj = new LiveJournal();
if (lj.Login(username, password))
{
lj.AddBlog(subject, body);
System.Console.WriteLine("Blog successfully!");
}
else
{
System.Console.WriteLine("Blog failed");
}
System.Console.WriteLine("Press any key to close the application...");
System.Console.ReadLine();
}
The sample source file, you downloaded from the above link, shows the complete code and, how everything works together.
Points of Interest
You probably must have wondered, if the same code works on other blog servers, the answer is yes and no. Yes, it can, but you have to change some code. For example, the data being sent to different blog servers are different. You need to have some network level programming knowledge in order to get these done. There are programs to help you, such as Ethereal or Paros.
Security Notes
There are several points worth mentioning. While you may find the code useful because you can add blogging functionalities to your e-mail clients and instant messenger clients, this (along with some creativity and imagination) can be misused and it can cause security threats:
- Spoofing Identity: Adversary can brute force username and password programmatically, possibly using dictionary attack.
- Tampering of Data: Adversary can change the content of cookies and session keys. This is also known as cookie poisoning.
- Information Disclosure: Adversary can collect information about how data is passed between pages.
- Denial of Service: Adversary can create arbitrary number of threads to log in at the same time, thus consuming all of server resources.
- Elevation of Privilege: Adversary may be able to change request type, to carry out operations which may not be permitted to that user account. For example, the adversary might inject HTML tags that are supposed to be restricted by the client browser.
Questions?
It is difficult for me, to try to explain everything. Please ask me, if there is anything that is not clear. I will try to answer them as clearly as possible.
