RSS Security: Password Protection
As a developer, many times things are not as easy as they seem.....yeah, I'm used to that fact now.
For one of the projects I'm currently working on, I've decided I'd like to have an option to enable or disable auto-generated RSS feeds. I would like it if these feeds, when generated, were password protected.
So off I went looking for information on password protecting RSS feeds. Hmmm...not much out there on the subject. It seems that the idea of password protecting RSS feeds is still in it's infancy. So I thought before I spend more time looking for answers, I should define my question and requirements as specifically as possible. Here's what I came up with.
I want to be able to support password protection of my RSS feeds through the following authentication methods:
- HTTP Basic
- Integrated Windows (NTLM/Kerberos)
- Digest
I also would like to be able to support users receiving different feed items based on a permissions/security model of some kind so that I could offer the ability to control who sees the RSS data at the item-level, not just the feed level.
Reading over the RSS 2.0 specification, I saw nothing related to security, so I assume that security implemented for the RSS feed is handled on one end by the web server handling the HTTP request for the RSS feed, and on the other end by the client requesting access to the RSS feed. The client should collect a user name and password, and put that information into the request to the server. I'm curious to know how (or if) sites like UserLand, or ASP.NET Weblogs offer password protected RSS feeds, and on the other side of the fence, how are RSS aggregators like NewsGator, NewzCrawler, SharpReader, etc. handling password protected RSS feeds?