I need to build a secure document management web application, which will be accessible from intranet and internet. One of the main requirements is to open all office files within the browser and I've decided to use office web app, because we already have a license.
I am struggling to find a way to secure the documents. Office Web Apps needs the files to be accessible via HTTP i.e. http://owa.server/op/view.aspx?src=http://myapplication/Content/test.xlsx without being behind any sort of authentication.
The document management application implements users, roles and permissions, but anyone who has the link above or direct link to the document http://myapplication/Content/test.xlsx could access the files.
How can I implement authentication for office web apps, when opening a document and secure the content folder of my application to restrict unauthorized access?