If you have been following my blog you might have seen a previous post titled Secure Blogging… In this entry I talked about the changes I made to BlogEngine.DLL to support SSL connections for MetaWeblogAPI calls. These changes were proposed to Mads for inclusion in the next version of BlogEngine.Net. I was disheartened to learn that 1.4.0 did not include the changes. I decided to press ahead with the upgrade and would follow up with a custom BlogEngine.dll file to include my changes. Unfortunately I haven’t had time to update the core dll file…
Imagine my surprise when I noticed that BlogEngine.Net v1.4.0.4 and above includes the suggested MetaWeblogAPI changes. This is fantastic news! Check it out… You can see the Settings tab now includes the “Require SSL for MetaWeblog API” option.
So after upgrading my site you can clearly see that I have upgraded to a later build by connecting to the RSD.AXD address. Here you will see the following details:
<?xml version="1.0" encoding="utf-8" ?>
<rsd version="1.0">
<service>
<engineName>BlogEngine.NET 1.4.0.9</engineName>
<engineLink>http://dotnetblogengine.com</engineLink>
<homePageLink>http://www.dscoduc.com/</homePageLink>
<apis>
<api name="MetaWeblog" preferred="true" apiLink="https://www.dscoduc.com/metaweblog.axd" blogID="http://www.dscoduc.com/" />
<api name="BlogML" preferred="false" apiLink="http://www.dscoduc.com/api/BlogImporter.asmx" blogID="http://www.dscoduc.com/" />
</apis>
</service>
</rsd>
The sharp eyes will notice that my MetaWeblog tag includes an apiLink with HTTPS instead of HTTP. Now I can be assured that my password isn’t being sent over the internet in the clear. Sweet!
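To run the same check on any blog's RSD document, the following added example (not part of BlogEngine.NET or of the original post) parses the RSD XML and reports which advertised API endpoints use HTTPS. The function names are assumptions made for this example, and the sample input is the RSD document shown above, in which the BlogML endpoint is still advertised over plain HTTP.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# The RSD document shown on this page, embedded so the check runs offline.
SAMPLE_RSD = b"""<?xml version="1.0" encoding="utf-8" ?>
<rsd version="1.0">
<service>
<engineName>BlogEngine.NET 1.4.0.9</engineName>
<engineLink>http://dotnetblogengine.com</engineLink>
<homePageLink>http://www.dscoduc.com/</homePageLink>
<apis>
<api name="MetaWeblog" preferred="true" apiLink="https://www.dscoduc.com/metaweblog.axd" blogID="http://www.dscoduc.com/" />
<api name="BlogML" preferred="false" apiLink="http://www.dscoduc.com/api/BlogImporter.asmx" blogID="http://www.dscoduc.com/" />
</apis>
</service>
</rsd>"""


def local_name(tag):
    """Drop an XML namespace prefix; some RSD documents declare one."""
    return tag.rsplit("}", 1)[-1]


def audit_rsd(xml_bytes):
    """Return (api name, apiLink, uses_https) for every <api> element."""
    root = ET.fromstring(xml_bytes)
    results = []
    for element in root.iter():
        if local_name(element.tag) != "api":
            continue
        link = element.get("apiLink", "")
        uses_https = urlparse(link).scheme.lower() == "https"
        results.append((element.get("name", ""), link, uses_https))
    return results


def cleartext_apis(xml_bytes):
    """Names of the APIs whose advertised endpoint is not HTTPS."""
    return [name for name, _, uses_https in audit_rsd(xml_bytes) if not uses_https]


if __name__ == "__main__":
    for name, link, uses_https in audit_rsd(SAMPLE_RSD):
        print(f"{'OK  ' if uses_https else 'WARN'} {name:<12} {link}")
```

The RSD file only tells clients which URL to use; it is the “Require SSL for MetaWeblog API” setting on the server that refuses plain-HTTP calls.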
This is awesome news and I would encourage everyone concerned about sending passwords in clear text to leverage this option. Keep in mind that you will need an SSL certificate on your site for this option to work. To help with that I would recommend looking at some of my previous posts: