Hello Mike,
In general, GroupDocs.Viewer and its HTTP-handlers in particular don't have an authorization mechanizm - they simply obtain HTTP-request, perform some work (computation, processing etc.) and return a HTTP-response. They do not know and thus do not take into account any authentication tokens like ASP.NET cookie or URL token. That's why answer to your first question is - no, GroupDocs.Viewer don't care IPrincipal on the request.
As we understand, you want to put the web-page, where GroupDocs.Viewer widget is located, under "login/password protection", so only the authorized users can see the documents. In such case you need to create wrappers around all GroupDocs.Viewer HTTP-handlers, which take part in document rendering process. For image-based mode they are: "GetScriptHandler", "GetCssHandler", "ViewDocumentHandler", "LoadFileBrowserTreeDataHandler", "GetImageUrlsHandler", "GetDocumentPageImageHandler", "GetPdf2JavaScriptHandler". For other options like file downloading, printing, rotating etc you also need to wrap "GetFileHandler", "GetPdfWithPrintDialogHandler", "GetPdfWithPrintDialogHandler", "GetPrintableHtmlHandler", "ReorderPageHandler", "RotatePageHandler". For HTML-based rendering you also need several more HTTP-handlers, you can find all of them, for example, here: "
How to use GroupDocs.Viewer for .NET in an ASP.NET Project"
About "GroupdocsViewerController". This controller is designed for ASP.NET MVC projects. For it, you don't need to specify HTTP-handler descriptors in web.config, but need to specify "Viewer.InitRoutes()" method. This method in fact is doing the next:
RouteCollection routes = RouteTable.Routes;
routes.MapRoute(
null,
"document-viewer/{action}",
new { controller = "GroupdocsViewer" }
);
So, in such case, for "overriding" original controller you need not to use "Viewer.InitRoutes()" method, but specify routes on one's own.
This way may be considered as a little bit harder, and it is not described in the manual, so you can use HTTP-handlers in MVC project without issues: just don't forget to specify ".UseHttpHandlers(true)" in the script loader helper
parameters.
Best regards.