Tuesday, October 7, 2003

RSS authentication follow-up

I just did a quick experiment, and discovered a feature of my newsreader (NewzCrawler) that I didn’t know existed: authentication.

Last week, I wrote about RSS authentication, and said that “aggregators and web servers will need to be able to pass authentication information back and forth so that individual subscribers can subscribe to private RSS feeds.”

Well, if only I’d actually tried this out. Using .htaccess, I restricted access to the following directory:


In that folder is one file, an RSS feed. Unless you have the proper username and password, you cannot access that RSS feed. (Try it: username “test”, password “password”.)

I did a little digging, and found this extremely useful summary of the status of aggregators that support RSS authentication (link found via LockerGnome).


  1. Okay, I tried it and it's cool in concept. I was able to log in directy when I clicked on that link (and entered the login/password), but I wasn't able to "subscribe" to the feed in NetNewsWire. I figured I'd be prompted for a login/password, but instead I just got "Can’t display news for this subscription because: The download failed for this subscription. The system reported an error: Domain: HTTP error Type: User cancelled authentication."

    I suppose there is a way to tell NNW to handle this properly. Password protecting an RSS feed is good, but making it easy for the user to get past the aggregator to manuever the login/password is tricker. That's where the rubber meets the road.

  2. Ernie - totally agree. That's an aggregator issue, however. Password protecting the files is standard operating procedure on the web server, so we need to make sure that the tools that evolve to support syndication are suitable to the task. I think private RSS feeds are going to be huge.

  3. FWIW, this works great with NewsGator.