Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Implementing Security for Rss Feeds

A)I want to be able to support password protection of my RSS feeds through the following authentication methods:

HTTP Basic Integrated Windows (NTLM/Kerberos) Digest

1)How can i do that in asp.net mvc

B) Reading over the RSS 2.0 specification, I saw nothing related to security, so I assume that security implemented for the RSS feed is handled on one end by the web server handling the HTTP request for the RSS feed, and on the other end by the client requesting access to the RSS feed. The client should collect a user name and password, and put that information into the request to the server. I'm curious to know how (or if) sites like UserLand, or ASP.NET Weblogs offer password protected RSS feeds, and on the other side of the fence, how are RSS aggregators like NewsGator, NewzCrawler, SharpReader, etc. handling password protected RSS feeds?

like image 454
Sagar Avatar asked Nov 05 '22 15:11

Sagar


1 Answers

RSS does not have any security built in. You can harness ASP.NET MVC by creating a custom ActionResult, which can provide authentication, this is with forms authentication, but you can see the idea.

public class RssActionResult : ActionResult
{
    public SyndicationFeed Feed { get;set; }

    public override void ExecuteResult(ControllerContext context)
    {
        if (context.HttpContext.Current.User.Identity.IsAuthenticated)
        {
            context.HttpContext.Response.ContentType = "application/rss+xml";
            Rss20FeedFormatter rssFormatter = new Rss20FeedFormatter(Feed);
            using (XmlWriter writer = XmlWriter.Create(context.HttpContext.Response.Output))
            {
                rssFormatter.WriteTo(writer);
            }
        }
        else
        {
            //Whatever, not authenticated
        }
    }
}
like image 140
Dustin Laine Avatar answered Nov 14 '22 21:11

Dustin Laine