If your calendar contains proprietary or other confidential data that you're providing to your group on an intranet or secure server, you can add a level of security by publishing the calendar with a secure URL.
The secure URL publishing mode uses a secure key to generate a unique hash and expiration time for how long the spud code can be used to access the calendar's spuds.
This makes it possible for visitors to see the secure calendar without providing a password. In addition:
What you can learn in the rest of this topic:
Creating secure URLs is an advanced, developer-level procedure.
This topic describes how you can create secure URLs by using PHP or ASP.Net with C#. The minimum requirements that you must meet before you attempt to create secure URLs are that you:
Note Knowledge of HTML and CSS is also important for creating pages that host secure 25Live Publisher spuds, but it is not sufficient. You must know a server scripting language.
For the ASP.Net+C# example, typically that means Microsoft® Windows, Microsoft IIS, and the ASP.Net 2.0 (or higher) Framework. For PHP, you can use any Web server (for example, Apache) that has PHP installed.
If you do not meet the requirements for creating secure URLs, we recommend that you consult with a Web developer.
Use your secure key and your calendar's web name to replace the placeholder text in secure.aspx or secure.php. This is a file that you download from this topic, which contains ASP.Net or PHP code created by CollegeNET development.
After you get your secure key from 25Live publishing settings, you need to use that key along with your calendar's web name in code that CollegeNET development has created for you to generate the secure URLs.
YOUR KEY GOES HERE
.YOUR WEBNAME GOES HERE
.LIFETIME = 1.0
, change 1.0 to the number of days you prefer.
Tip To set the expiration time to less than a day, use a value smaller than 1.
url
argument (as shown below) to include a call to the CreateSecureHash() function.
Tip If you think the security of your secure URL has been compromised, you can update it with a new secure key. Open the Edit Publish Settings page (as described above). In the Publish Settings section, under Access type, click Change your secure key. When you get the new key, display it, copy it, and then paste it into the code on your web server.
If your use something other than the .Net Framework or PHP for your web server computing environment, you can use your own code to implement secure URLs. However, we strongly recommend that you read the sample code provided by CollegeNET Development because it is a working example of how to generate the secure spuds. This section describes the steps you need to complete.
Get the required parameters
Spud code that you enter in your page to display a calendar that is protected through secure URLs must carry two parameters:
expires
The expires
parameter is a UTC date in yyyyMMddHHmm format. It tells 25Live Publisher how long access to the calendar should be granted with the URL. The default duration is one day.
hash
The hash
parameter is a hexadecimal string that contains the MD5 hash of a query string that you build using your calendar name and the other two required parameters. The query string looks like this:
calendar=webname&expires=expiration&hash=yoursecurekey
Replace the blue placeholder text with the appropriate values. The expires
parameter requires the same date format described in the previous bullet.
Plug the required parameters into the spud code
Once you have an MD5 hash of your query string, you provide the hash and your expires
value to the $Trumba.addSpud() call. These values must appear in string fields on the url parameter.
What follows is an example of an expiration time and hash that have been dynamically generated by a call to the CreateSecureHash() function.
Tip Take a look at the PHP or ASP.Net example code to clarify the above example.
When you create your secure key in the publishing settings, you cannot display your calendar any way other than by going through the process of generating an MD5 hash, as in the procedures above. Using your secure key with a hash
parameter in a static URL will not work.
Your secure key is also stored on the 25Live server in association with your calendar. When a user tries to display your calendar, 25Live Publisher generates an MD5 hash from your secure key. If the MD5 hash generated from 25Live Publisher doesn't match yours, 25Live Publisher cannot display your calendar.