ASP.NET MVC - Create RSS feed that requires authentication

Question

Hello, I've created a rudimentary RSSActionResult in ASP.NET MVC to generate an RSS feed based on new items in my ecommerce store - new items, sale items etc. That part was easy and works well.

I would like to go one step further and create a feed that is user specific. For instance - show users new products of interest based on their previous purchase history. This feed is user specific and one normally has to log into their account (asp.net membership) to see this information. My question is, how does membership work on the RSS level? In MVC I can easily create an action filter that requires the user to be logged into the site to subscribe to the feed but I'm not sure if this is possible within a feed reader. When I view the feed in IE8's in-built reader and am not logged into my account I get the following message:

Feeds with DTDs are not supported

Is what i'm trying to do even possible? Any guidance would be much appreciated.

Thanks in advance,

JP

Answer 1

I've never tried it with RSS, but have you tried using the "Authorize attribute"

    [Authorize(Users="Stephen")]
    public RSSActionResult StephenRss()
    {
        return View();
    }

Answer 2

Seems to me that private RSS feeds is a bit of a grey area and support from both newswires and newsreaders is limited. Have a read of this, for example.

This SO question discusses various ways one could implement such service. In order to be 100% compatible, I would just generate a unique token per customer and have them subscribe to that. Considering that actual private info is not exposed (we won't get into de-anonimization discussion), I think this is good enough.

Coupled with rate-limiting to prevent guessing of the token, I think this is an acceptable solution. Also, this can be enabled and disabled by the user for those that are more security conscious.