BlogEngine.NET API

Topics: ASP.NET 2.0, Business Logic Layer, Controls
Jan 9, 2012 at 6:31 AM

Greetings all,

First off, congrats to the authors of BlogEngine.NET for the job well-done.  Good stuff!

I need to interact with its APIs using C#.  I need to dynamically create a user, give rights to that user, be able to edit the user, etc.  I also need to be able to dynamically add posts and discussions to the blog in addition to being able to change some settings like blog name and logo.  

I see that we have an array of web services in the api directory.  Nice!  I got to work and I created a project in VS2008 and created a reference to UserServices.asmx.  At the basic level, I tried to create a user using the "Add" method and it doesn't matter what I do, I get an authentication error ("Not Authorized") with "Success" being "False."  Below is the code snippet that I used.  What am I doing wrong please?  The instance of the blog engine is brand-new so I'm using the default admin, admin for the user name and login.

Interestingly enough, if I do a GET on the web services WITHOUT username and password, I was able to create a user.  So I tried creating a user without supplying username and password but I got the same "Not Authorized" error.

 Is there an "API document" with some code samples out there?  If so, a link to it would be just awesome.  Thank you in advance for any and all help.


    static void Main(string[] args)
    {
        // Roles to assign to the new user
        string[] roles = new string[1];
        roles[0] = "Administrator";

        // Proxy generated from the web reference to UserServices.asmx
        org.mydomain.www.UserService ua = new org.mydomain.www.UserService();
        ua.Credentials = new System.Net.NetworkCredential("admin", "admin");

        org.mydomain.www.JsonResponse jres = ua.Add("newuser", "newuserpassword", "", roles);
    }

Jan 9, 2012 at 1:04 PM

Those API methods are mainly intended to be called from JavaScript, and not as a web service as you are attempting to do.  The user is authenticated based on a Forms authentication cookie ... when they log on beforehand.  When you call the web service like that, there is no Forms authentication cookie, so Add() won't actually add any user since the request won't be considered authenticated.  The NetworkCredential you are passing is more for Windows authentication which is not the same as Forms authentication.

I suppose it could be possible for the Security system in BE to look at the NetworkCredential being passed in and treat this as a form of authentication.  Because BE handles the authentication process itself in its Security module and doesn't just rely on the built-in Forms authentication, making this work is probably a possibility.

As it is now, however, these API calls are designed to be used in AJAX scenarios where a forms authentication cookie is present.

Jan 9, 2012 at 3:34 PM

Thank you Ben.  I guess I could write my webservice and put my own authentication there and, in this new web service, I just call the BE API methods that I want like "createuser" and such.  That may work.  But one feature that I was planning to implement was single sign-on.  Let's say I have a portal and in that portal there is a link to BE site.  My users already authenticated themselves on my portal.  It would be sweet if my users can click on the BE link and get logged in without entering their user name and password again.  If we are doing Form Authentication, then I assume we have to match BE cookie with my site authentication cookie.  Would you happen to know if this would work with my portal and BE being on separate IIS applications?


Thanks again.


Jan 10, 2012 at 4:41 PM

You could match the cookie names, as you suggested.  In that case, probably the machineKey in the web.config files on both sites also needs to match.

Another approach would be to have an HTTP module in BE that looks for a cookie from your main site, and if found, it could "auto log-in" the user into BE ... by programmatically logging the person into BE.  You could auto log them into a generic BE user account, or a BE user account that already exists for them, etc.
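
The HTTP module approach from the last reply, as an added example (not code from this thread or from BlogEngine.NET): it signs the visitor in only when the portal cookie decrypts to a valid, unexpired Forms authentication ticket for an existing BE account, rather than on the mere presence of a cookie. Assumptions: the portal issues a Forms authentication cookie named .PORTALAUTH, both sites share a machineKey and a cookie domain, user names are the same on both sites, and BE accepts a standard Forms ticket; if BE's Security module needs its own sign-in call, that call replaces SetAuthCookie.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example (not BlogEngine.NET code). Register it under <httpModules>
// in BE's web.config. PortalCookieName is an assumed cookie name.
public class PortalSsoModule : IHttpModule
{
    private const string PortalCookieName = ".PORTALAUTH"; // assumption

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    public void Dispose() { }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (ctx.User != null && ctx.User.Identity.IsAuthenticated)
            return; // already signed in to BE

        HttpCookie cookie = ctx.Request.Cookies[PortalCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return;

        FormsAuthenticationTicket ticket;
        try
        {
            // With protection="All", Decrypt verifies the ticket's integrity
            // using this site's machineKey, so a forged value fails here.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            return; // treat any undecodable cookie as "not signed in"
        }
        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.Name))
            return;

        // Only sign in accounts that already exist in BE's membership provider
        // (assumes portal and BE user names are identical).
        if (Membership.GetUser(ticket.Name) == null)
            return;

        FormsAuthentication.SetAuthCookie(ticket.Name, false);
        ctx.User = new GenericPrincipal(new GenericIdentity(ticket.Name, "PortalSso"), new string[0]);
    }
}
```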