Implementing Security for Rss Feeds

Question

A)I want to be able to support password protection of my RSS feeds through the following authentication methods:

HTTP Basic Integrated Windows (NTLM/Kerberos) Digest

1)How can i do that in asp.net mvc

B) Reading over the RSS 2.0 specification, I saw nothing related to security, so I assume that security implemented for the RSS feed is handled on one end by the web server handling the HTTP request for the RSS feed, and on the other end by the client requesting access to the RSS feed. The client should collect a user name and password, and put that information into the request to the server. I'm curious to know how (or if) sites like UserLand, or ASP.NET Weblogs offer password protected RSS feeds, and on the other side of the fence, how are RSS aggregators like NewsGator, NewzCrawler, SharpReader, etc. handling password protected RSS feeds?

Answer 1

RSS does not have any security built in. You can harness ASP.NET MVC by creating a custom ActionResult, which can provide authentication, this is with forms authentication, but you can see the idea.

public class RssActionResult : ActionResult
{
    public SyndicationFeed Feed { get;set; }

    public override void ExecuteResult(ControllerContext context)
    {
        if (context.HttpContext.Current.User.Identity.IsAuthenticated)
        {
            context.HttpContext.Response.ContentType = "application/rss+xml";
            Rss20FeedFormatter rssFormatter = new Rss20FeedFormatter(Feed);
            using (XmlWriter writer = XmlWriter.Create(context.HttpContext.Response.Output))
            {
                rssFormatter.WriteTo(writer);
            }
        }
        else
        {
            //Whatever, not authenticated
        }
    }
}