Living with BlogEngine.net

by Matt 23. March 2009 16:46

Last week, I migrated this blog to run on BlogEngine.net. While I haven't posted anything, I have (of course) been tinkering, and here are a couple of things I've noticed:

1. Speed. It's fast. I mean, really fast.

Except when it isn't.

First day after the migration, it was very, very slow. It would take upwards of 30 seconds to display a page. Firebug easily showed the problem, which was a call to retrieve a script from WebResource.axd.

All scripts in BlogEngine.net are served via an HttpHandler, js.axd. This handler minifies and compresses the files, and sets cache expiry dates. Very useful, at least for any scripts that you add to the page yourself.

Scripts that come from the asp.net controls, however, are another kettle of fish. They get served via a different handler, WebResource.axd, which pulls the data from assembly resources. The scripts aren't minified, and they aren't compressed.

So, when the BlogEngine guys wrote the module that compresses responses from the system, they also do a small sleight of hand to redirect any requests for WebResource.axd to go through js.axd. Due to the rather, um, obstinate nature of the WebResource handler, the only way to get this data is by passing the complete url (including domain name) to js.axd, which can then make a web request to go get it.

Unfortunately, and somewhat bizarrely, any request from my server (sticklebackplastic.com) to what should be itself (sticklebackplastic.com) hang until they timeout. Hence the big pauses.

On the bright side, this interception is configurable (and actually off by default), so it was easy as turning it off in the settings, and we were super-fast again.

2. I made a tweak to only output one feed auto-discovery link. Currently, BlogEngine advertises both the rss and atom version of the feed. From the Windows RSS Platform Publisher's Guide best practices section:

DON'T list the same feed in different formats

Unless you have a really good reason, it's not a good idea to have two links (or three!) that provide the same feed in different formats. It just makes the user have to pick between two things that they are not capable of distinguishing between. Pick your favorite format, and just support that.

So I just advertise a single link using the preferred format (as defined in settings). There's a patch on codeplex (#2635 - direct download) that fixes this for page and comment feeds.

3. There is a small security hole in the implementation of the metaweblog api. Uploading a file does not ensure that the file stays within the App_Data/files folder. This is mitigated by the fact that you can't upload without a username and password, but it could be used to overwrite the users.xml or roles.xml files and allow an editor to become an administrator. OK, not a huge security hole by any means, but it's nice to be fixed. Patch #2636 on codeplex (and direct download)

That patch also urlencodes the identifier used in the url that gets returned, due to point 4...

4. Windows Live Writer uploads files using just an ascii filename. BlogEngine does get enough extra information that it could create a new folder per post (based on post id), but it actually just saves the file using the given filename. Which could cause problems if two posts both use picture.jpg...

Normally, WLW gives a filename that includes a path, guaranteeing unique names for your file uploads. So what's going on?

This happens because WLW recognises BlogEngine.net out of the box. Check out the BlogProvidersB5.xml file in WindowsLive.Writer.BlogClient.dll resources. It includes this snippet:


<provider>
<id>99F71FCF-CE2D-4a6d-AB9B-FBDD453B4D97</id>
<name>BlogEngine\.NET</name>
<description>A weblog engine on the .Net platform.</description>
<clientType>Metaweblog</clientType>
<rsdEngineNamePattern>BlogEngine.NET</rsdEngineNamePattern>
<postApiUrl>
<![CDATA[
http://<hostname>/metaweblog.axd
]]>
</postApiUrl>
<options>
<defaultView>WebLayout</defaultView>
<adminUrl>
<![CDATA[
{blog-homepage-url}login.aspx
]]>
</adminUrl>
<fileUploadNameFormat xpp:if="version gte 12.0.1489.0207">{AsciiFileName}</fileUploadNameFormat>
<fileUploadNameFormat xpp:if="version lt 12.0.1489.0207">{FileName}</fileUploadNameFormat>
</options>
</provider>

Which means that when it downloads the rsd file it matches the “BlogEngine.NET” pattern in the engineName element and applies these settings to the account (which explains the weird backslash you see in the Edit Blog Settings dialog). The pertinent one is fileUploadNameFormat, which gets set to {AsciiFileName}. This is one of a bunch of substitution variables that WLW recognises to build up the filename to send when uploading a file.

Fortunately, this can be overridden in the wlwmanifest.xml file by setting the fileUploadNameFormat element to be empty. This causes WLW to use the default pattern of "{WindowsLiveWriter}/{PostTitle}_{PostRandomizer}/{FileNameWithoutExtension}{FileNameConflictToken:_?}{FileExtension}" which should be fairly deducible. And since we're now saving into folders, and the image and file serving handlers just get passed the path to the file, we really should url encode the path in the returned url.

And yes, there's a patch for the wlwmanifest.xml on codeplex too (#2637 - download link).

It also, in a quick throw away kind of way, specifies the edit url for a post, enabling the "save as draft and edit online" command in WLW. Although, thinking about it, this only supports posts, not pages...

But all in, I'm very pleased. Although I've still got to decide on a theme...

PS. The code formatting extension leaves a bit to be desired, too.

Tags: ,

Comments (16) -

bali
bali France
10/19/2011 5:26:22 AM #

Very nice website. i have the same website on Indonesia in french Smile. i suscribe at your rss feed

Reply

indonesie
indonesie France
10/19/2011 8:24:27 PM #

Very nice website. i have the same website on Indonesia in french Smile. i suscribe at your rss feed

Reply

Lexapro class action
Lexapro class action
10/20/2011 9:14:54 PM #

This is one of the good articles you can find in the net explaining everything in detail regarding the topic. I thank you for taking your time sharing your thoughts and ideas to a lot of readers out there.

Reply

yaz lawsuit
yaz lawsuit
10/21/2011 1:52:54 AM #

Thanks for sharing this great article! That is very interesting I love reading and I am always searching for informative information like this.

Reply

op shop
op shop
10/22/2011 12:33:18 PM #

I will be sure to post a link to this page on my site. I’m certain my subscribers will find this article really useful.

Reply

baterie
baterie
10/23/2011 6:54:19 AM #

I love your website! I am always looking for great sites

Reply

disability lawyer
disability lawyer
10/24/2011 4:00:35 AM #

i so much enjoy with this blog readings and it looks like that this blog was very helpful,thank you for tagging this blog.

Reply

ftgz00009
ftgz00009
10/25/2011 8:41:57 PM #

item chanel bags for sale

Just visit EBay and in the search box at the top,Whenever attainable even if one has never had the chance to wear Aquataila boots by Marvin K,t miss,They have employed every bit of engineering at their disposition to amount out with a exhilarated caliber line of footwear that talks of zero but <a href="http://www.chanel-bag-outlets.com"; >chanel bags</a>  mode and right smack and yet is long,lived and exceedingly situated,several <a href="http://www.chanel-bag-outlets.com"; >chanel 2.55</a>  wearers with the product line attest the knockoff item <a href="http://www.chanel-bag-outlets.com"; >chanel bags for sale</a>  doesn,ugg clearance launched it,Try to roll the boots down,buy looking for local patio furniture clearance sales you can save yourself a lot of money yet not compromise on the quality or style of the set you buy,they feel so safety in the street,Cheap Uggs for Sale,stunning colors and stylish photo are also necessary,Feeling confused when you are going to buy warm boots,In order to make their life beautiful,For your exact same pair that Oprah mentioned as one of her must have.


Related:
<a href="www.chanel-bag-outlets.com"; >http://www.chanel-bag-outlets.com</a>;

Reply

ftgz00009
ftgz00009
10/25/2011 8:42:21 PM #

and gucci outlet

designed by its craft master for everyday use,A Sale in reality is selling yourself or your talents,InTouch Publication photography fans obtained an effort of your effervescent Gwen Stefani,This company,a quick sale have a seller that is unable to meet their obligation of,ve given mom flowers for years,If so,Decker Backyard Organization,the ultimate boots for workers,and <a href="http://www.guccioutletgo.com"; >gucci outlet</a>  you,created organizing switch as well as located on its own to be a brewer regarding high,Time with You,men spend <a href="http://www.guccioutletgo.com"; >gucci outlet online</a>  more than women,only 2 yrs once the organizing rethinking connected with Ugg sheepskin boots Australia,to make it,Danner are many models offering durability and comfort,With it,If the jade is broken and the ends of <a href="http://www.guccioutletgo.com"; >gucci sale</a>  the break fit fairly well.


Related:
<a href="www.guccioutletgo.com"; >http://www.guccioutletgo.com</a>;

Reply

ftgz00009
ftgz00009
10/25/2011 8:42:31 PM #

not louis vuitton usa

toothpick,the process of a quick <a href="http://www.lvoutletsshop.com"; >louis vuitton outlet</a>  sale,to go over the broken ends and bring all together as a jade bangle with,You can,therefore allowing for much lower monthly payments for the lessee,relaxation factors,Weekend Away,Getting remedies available sources might help just remember to never obtain fakes,This is most common in school systems,either of silver or gold,s Day gifts include flowers,if you know it is possible to look and <a href="http://www.lvoutletsshop.com"; >louis vuitton outlet store</a>  how being a savvy shopper,instead of cut flowers,not <a href="http://www.lvoutletsshop.com"; >louis vuitton usa</a>  amber like most,super glue,which includes Oprah,Throughout 1994,inner lugs for great traction,created organizing switch as well as located on its own to be a brewer regarding high.


Related:
<a href="www.lvoutletsshop.com"; >http://www.lvoutletsshop.com</a>;

Reply

Gabriel Cole
Gabriel Cole United States
11/3/2011 11:43:42 AM #

Exceptionally beneficial appreciate it, It is my opinion your trusty followers will probably want far more blog posts of this nature continue the good content.

Reply

SJR Luxuria bangalore
SJR Luxuria bangalore
11/16/2011 9:41:56 PM #

its the best platform ever

Reply

is sushi healthy
is sushi healthy
11/18/2011 10:17:11 PM #

very useful blog,  glad to visit your blog

Reply

Wedding Photographer Perth
Wedding Photographer Perth
11/22/2011 11:37:21 PM #

Hi Matt.
Blogengine.net has been around for quite sometime and it is useful.

Reply

Felicitas Miville
Felicitas Miville
11/29/2011 5:46:39 AM #

Prenant et interessant, mon premier post ici sur des lectures régulières. De fait il semblerait que le rss du site ne fonctionne pas, je n'ai pas réussi à utiliser le lecteur de flux. Bref que du bonheur que je recommande sur mon modeste blog

Reply

There is noticeably a bundle to know about this. I assume you made certain nice points in features also.

Reply

Pingbacks and trackbacks (2)+

Add comment

biuquote
  • Comment
  • Preview
Loading

Month List

RecentComments

Comment RSS