ASP.NET MVC: How to Add Authentication to RSS Feeds?
I've seen several examples of creating RSS feeds using ASP.NET MVC, either by creating an Action or through an HttpHandler.
I need to authenticate feeds and I am wondering how to do this (and supported by RSS readers, not just view the page / xml through a browser) and how could the authentication differ between MVC Action or HttpHandler?
a source to share
There are several ways to do this.
The best approach, in my opinion, is to use a REST architecture with credentials both in path and post data (preferred 1st approach).
1st approach:
Step1: GET http://www.myserver.com/myfeed.rss/username/query => this should return a random value Step 2: GET http://www.myserver.com/myfeed.ress/username/hashed-password => hashed password expected by the client hash(<random-value>+<password>)
.
This will serve two purposes:
- The original password is never transmitted over the cable
- The random value ensures that the hash is unique and therefore cannot be reused.
You can set an expiration date / time for the username + random value combination with other IP related security actions to ensure that session hijacking is not possible.
EDIT:
Use HTTP handler for path="myfeed.rss"
c verbs="GET"
in web.config
a source to share
The easiest way is to provide each customer with a unique URL. so in this case you will always know who is requesting the feed.
http://site.com/rss/<some_secret_hash_here>
in the other hand - you can use URLs with the default user password: password:
http://user:password@site.com/rss/blabla.xml
and just parse user: password.
I prefer to use the former.
a source to share