Hotmail Exposed: Access Hotmail using C# (Page 1 of 5 )
Hotmail is probably the most popular e-mailing facility found on the web today. Millions of people around the world use it for everyday communication with friends and relatives. The main reason for its popularity is the fact that you can use the service absolutely free of charge. Users are able to read their emails daily using a web interface and there is a client program available, called Outlook Express, which most people will only use at home.
Only these two methods are officially available to read mail from your Hotmail account. This is strange because Outlook Express is not the safest client to use for reading emails, especially the spam-sensitive Hotmail accounts. Secondly, web-mail is generally considered to be an annoyance that is only there to offer access to your account from locations such as schools and public internet access points.
No longer! This document will enable you to build your own client, using a sure and solid way to communicate with Hotmail in the same way as Outlook does. It will be shown how the protocol can be used to your own advantage; it isnít at all hard to understand either.
To build a working client we will need to know about the way Outlook communicates with Hotmail. The protocol that is being used is called Httpmail. Even when completely unfamiliar with this protocol, it is not hard to understand. It looks like an XML structure in which some elements are placed that you want to find. The server will respond with the same kind of structure with the queried elements filled with information. I will not start explaining how the protocol looks, if you want to find out itís available from http://jhttpmail.sourceforge.net/httpmail.html.
Now that the manner of communication is clear, there are some other things that need clarification. For instance; how do we authenticate ourselves, and how the heck are we going to implement such authentication? Usually this will mean calculating hashes and keeping passwords in a safe place. At first sight this could seem like an enormous task to implement. As you will see, it turns out to be not so difficult at all.
After a review of the SourceForge article a few things are noticeably interesting. The authentication is done via Http headers and is described in an RFC (2617). Itís even called HTTP authentication, meaning there have got to be some classes in the .NET Framework that are able to do that! To parse the response in a safe manner, we will make use of XPath, it should be up to the job and there are classes available for that too!