How to enable authorization for rss feed using ASP.NET MVC?

Question

How to enable authorization for rss feed using ASP.NET MVC?

Our store is in the process of converting our internal project management application from ASP.NET Web Forms to ASP.NET MVC.

I would like to provide an RSS feed for our customers about their current problems ... but I would like to do this with some type of authorization, for example. login and password.

Is this possible using ASP.NET MVC or should it be done using some other service like WCF? Sample code will be appreciated .

+4

authorization asp.net-mvc

mattruma Nov 16 '08 at 13:45

source share

2 answers

If private feeds are part of the RSS specification, you should look there for the mechanics of RSS authorization.

I thought about this before for the project and came to the conclusion that secure RSS will never work, because it is not enough to support customers (e.g. google reader).

Sorry, you do not have the full answer, but thought it would help anyway.

0

CVertex Nov 16 '08 at 13:51

source share

anonymous · Accepted Answer · 2008-11-17T02:20:27+0000

I'm not sure about the best way, but I can think of a few, none of them are super, though.

Use IIS Windows Authentication with basic security and implement a verification method, and then flag the RSS action using an authorization filter. If they use an RSS feed that does not allow HTTP authentication, you can still do http: // username: password@mysite.com / controller / action / rss .
Create a token for each client and place it in the URL part: http://mysite.com/controller/action/rss/ {token}. This is not so great.
Put the username / password as part of the route: http://mysite.com/controller/action/rss/ {username} / {password} ... this is pretty terrible though.

They all suck because the password (or token) is visible. Perhaps this is considered good if it is https instead of http. I think the first option + https is pretty common though?

How to enable authorization for rss feed using ASP.NET MVC?

More articles: