{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 甜甜的少女心 的问题《How to allow authorization to an rss feed using AS》','https://www.manongdao.com/q-582866.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Our shop is in the process of converting our internal project management application from ASP.NET Web Forms to ASP.NET MVC.
I would like to provide an RSS feed for our customers of their current open issues ... but I would like to do so with some type of authorization, e.g. login and a password.
Is this possible using ASP.NET MVC or should this be done through some other service like WCF? Sample code would be much appreciated.
If private feeds are part of the RSS spec, you should look there for the mechanics of RSS auth.
I've thought about this before for a project and came to the conclusion that secure RSS will never work because not enough clients (e.g. google reader) support it.
Sorry, don't have a complete answer, but thought this might help anyway.
I'm not sure of the best way, but can think of a few, none are super great though.
Use IIS WindowsAuthentication with basic security and implement the validation method and then mark the RSS action with an authorize filter. If they are using an RSS feeder that doesn't allow http authentication, you should still be able to do http://username:password@mysite.com/controller/action/rss.
Generate a token for each customer and place it in part of the url: http://mysite.com/controller/action/rss/{token}. This isn't that great.
Put the username/password as part of the route: http://mysite.com/controller/action/rss/{username}/{password} ... this is pretty horrible though.
All of them kinda suck because the password (or token) is url visible. Maybe that is considered okay if it is https instead of http though. I think the first option + https is pretty common though?