Security Dialog box in Internet Explorer

I am facing a strange problem with my web site. Afer reinstalling the web
application on the web server, I am getting a dialog box for each page. The
dialog box has the following information.

"This page contains both secure and nonsecure items. Do you want to display
the nonsecure items."

It was not happening before. I have searched in internet for removing the
dialog box. This is the solution that I got

1) Go to Internet options
2) Click on security Tab
3) Click Custom Level Button
4) Scroll to Miscellaneous Section
5) click on "Disable" radio button for the group Display mixed Content.

AFter doing the above, the dialog box is no more displayed. But my web
application will be access by more than 1000 users and it is very weired to
asked them to do the above settings. I am sure it was working perfectly fine
before. I want to understand this problem very well and troubleshoot it. My
page does not contain any harmful components. It is created in ASP.net and
C#. Even the most simple page is giving me this dialog box.

I am using the internet explorer versino 6.0.2800.1106

It would be great if the experts there could give me any idea why this is
happening. Again, I do not want the client to make modifications to the
options in their internet explorer to get rid of this dialog box.

Thanks in advance

Pradeep_tp

re: Security Dialog box in Internet Explorer

Pradeep,

The most common cause of this and what is meant by "mixed content" is images
that are being linked to via a non-secure address but being displayed on a
secure page (or any other display item being linked to for that matter). If
you are connecting to any page of your web site via an https link then that
page's images src tag should either use use relative links
src="/images/myimage.jpg" so that the full link will be built out via https
or it should contain the full link
src="https://www.mywebsite.com/images/myimage.jpg".

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"pradeep_TP" <pradeepTP@discussions.microsoft.com> wrote in message
news:616DA42B-332A-40F1-BDAE-32D0AEF6A8D9@microsoft.com...[color=blue]
>I am facing a strange problem with my web site. Afer reinstalling the web
> application on the web server, I am getting a dialog box for each page.
> The
> dialog box has the following information.
>
> "This page contains both secure and nonsecure items. Do you want to
> display
> the nonsecure items."
>
> It was not happening before. I have searched in internet for removing the
> dialog box. This is the solution that I got
>
> 1) Go to Internet options
> 2) Click on security Tab
> 3) Click Custom Level Button
> 4) Scroll to Miscellaneous Section
> 5) click on "Disable" radio button for the group Display mixed Content.
>
> AFter doing the above, the dialog box is no more displayed. But my web
> application will be access by more than 1000 users and it is very weired
> to
> asked them to do the above settings. I am sure it was working perfectly
> fine
> before. I want to understand this problem very well and troubleshoot it.
> My
> page does not contain any harmful components. It is created in ASP.net and
> C#. Even the most simple page is giving me this dialog box.
>
> I am using the internet explorer versino 6.0.2800.1106
>
> It would be great if the experts there could give me any idea why this is
> happening. Again, I do not want the client to make modifications to the
> options in their internet explorer to get rid of this dialog box.
>
> Thanks in advance
>
> Pradeep_tp
>
>[/color]

re: Security Dialog box in Internet Explorer

Hi justin,

I have checked the source tag of all the images but did not find any src
attribute pointing to any unsecured URL. "src" attribute is pointing to the
images folder on the same server with "https" protocol. for example all the
image src attribute has the following format.

https://staging.myserver.com/mywebapp/images/home.gif

It would be great if you could throw more light on it.

cheers!!
pradeeptp

"S. Justin Gengo" wrote:
[color=blue]
> Pradeep,
>
> The most common cause of this and what is meant by "mixed content" is images
> that are being linked to via a non-secure address but being displayed on a
> secure page (or any other display item being linked to for that matter). If
> you are connecting to any page of your web site via an https link then that
> page's images src tag should either use use relative links
> src="/images/myimage.jpg" so that the full link will be built out via https
> or it should contain the full link
> src="https://www.mywebsite.com/images/myimage.jpg".
>
> --
> Sincerely,
>
> S. Justin Gengo, MCP
> Web Developer / Programmer
>
> www.aboutfortunate.com
>
> "Out of chaos comes order."
> Nietzsche
> "pradeep_TP" <pradeepTP@discussions.microsoft.com> wrote in message
> news:616DA42B-332A-40F1-BDAE-32D0AEF6A8D9@microsoft.com...[color=green]
> >I am facing a strange problem with my web site. Afer reinstalling the web
> > application on the web server, I am getting a dialog box for each page.
> > The
> > dialog box has the following information.
> >
> > "This page contains both secure and nonsecure items. Do you want to
> > display
> > the nonsecure items."
> >
> > It was not happening before. I have searched in internet for removing the
> > dialog box. This is the solution that I got
> >
> > 1) Go to Internet options
> > 2) Click on security Tab
> > 3) Click Custom Level Button
> > 4) Scroll to Miscellaneous Section
> > 5) click on "Disable" radio button for the group Display mixed Content.
> >
> > AFter doing the above, the dialog box is no more displayed. But my web
> > application will be access by more than 1000 users and it is very weired
> > to
> > asked them to do the above settings. I am sure it was working perfectly
> > fine
> > before. I want to understand this problem very well and troubleshoot it.
> > My
> > page does not contain any harmful components. It is created in ASP.net and
> > C#. Even the most simple page is giving me this dialog box.
> >
> > I am using the internet explorer versino 6.0.2800.1106
> >
> > It would be great if the experts there could give me any idea why this is
> > happening. Again, I do not want the client to make modifications to the
> > options in their internet explorer to get rid of this dialog box.
> >
> > Thanks in advance
> >
> > Pradeep_tp
> >
> >[/color]
>
>
>[/color]

re: Security Dialog box in Internet Explorer

And what if you check the IIS log server side for non HTTPS GETs ?

--
Patrice

"pradeep_TP" <pradeepTP@discussions.microsoft.com> a écrit dans le message
de news:69746B7A-5368-49A2-AAE2-D60AB351592F@microsoft.com...[color=blue]
> Hi justin,
>
> I have checked the source tag of all the images but did not find any src
> attribute pointing to any unsecured URL. "src" attribute is pointing to[/color]
the[color=blue]
> images folder on the same server with "https" protocol. for example all[/color]
the[color=blue]
> image src attribute has the following format.
>
> https://staging.myserver.com/mywebapp/images/home.gif
>
> It would be great if you could throw more light on it.
>
> cheers!!
> pradeeptp
>
> "S. Justin Gengo" wrote:
>[color=green]
> > Pradeep,
> >
> > The most common cause of this and what is meant by "mixed content" is[/color][/color]
images[color=blue][color=green]
> > that are being linked to via a non-secure address but being displayed on[/color][/color]
a[color=blue][color=green]
> > secure page (or any other display item being linked to for that matter).[/color][/color]
If[color=blue][color=green]
> > you are connecting to any page of your web site via an https link then[/color][/color]
that[color=blue][color=green]
> > page's images src tag should either use use relative links
> > src="/images/myimage.jpg" so that the full link will be built out via[/color][/color]
https[color=blue][color=green]
> > or it should contain the full link
> > src="https://www.mywebsite.com/images/myimage.jpg".
> >
> > --
> > Sincerely,
> >
> > S. Justin Gengo, MCP
> > Web Developer / Programmer
> >
> > www.aboutfortunate.com
> >
> > "Out of chaos comes order."
> > Nietzsche
> > "pradeep_TP" <pradeepTP@discussions.microsoft.com> wrote in message
> > news:616DA42B-332A-40F1-BDAE-32D0AEF6A8D9@microsoft.com...[color=darkred]
> > >I am facing a strange problem with my web site. Afer reinstalling the[/color][/color][/color]
web[color=blue][color=green][color=darkred]
> > > application on the web server, I am getting a dialog box for each[/color][/color][/color]
page.[color=blue][color=green][color=darkred]
> > > The
> > > dialog box has the following information.
> > >
> > > "This page contains both secure and nonsecure items. Do you want to
> > > display
> > > the nonsecure items."
> > >
> > > It was not happening before. I have searched in internet for removing[/color][/color][/color]
the[color=blue][color=green][color=darkred]
> > > dialog box. This is the solution that I got
> > >
> > > 1) Go to Internet options
> > > 2) Click on security Tab
> > > 3) Click Custom Level Button
> > > 4) Scroll to Miscellaneous Section
> > > 5) click on "Disable" radio button for the group Display mixed[/color][/color][/color]
Content.[color=blue][color=green][color=darkred]
> > >
> > > AFter doing the above, the dialog box is no more displayed. But my web
> > > application will be access by more than 1000 users and it is very[/color][/color][/color]
weired[color=blue][color=green][color=darkred]
> > > to
> > > asked them to do the above settings. I am sure it was working[/color][/color][/color]
perfectly[color=blue][color=green][color=darkred]
> > > fine
> > > before. I want to understand this problem very well and troubleshoot[/color][/color][/color]
it.[color=blue][color=green][color=darkred]
> > > My
> > > page does not contain any harmful components. It is created in ASP.net[/color][/color][/color]
and[color=blue][color=green][color=darkred]
> > > C#. Even the most simple page is giving me this dialog box.
> > >
> > > I am using the internet explorer versino 6.0.2800.1106
> > >
> > > It would be great if the experts there could give me any idea why this[/color][/color][/color]
is[color=blue][color=green][color=darkred]
> > > happening. Again, I do not want the client to make modifications to[/color][/color][/color]
the[color=blue][color=green][color=darkred]
> > > options in their internet explorer to get rid of this dialog box.
> > >
> > > Thanks in advance
> > >
> > > Pradeep_tp
> > >
> > >[/color]
> >
> >
> >[/color][/color]

re: Security Dialog box in Internet Explorer

hi patrice,

You have given me an interesting clue. So you mean to say that, IIS creates
log for these security warnings. Can you please tell me how can i check IIS
log.

Thanks
pradeep_tp

"Patrice" wrote:
[color=blue]
> And what if you check the IIS log server side for non HTTPS GETs ?
>
> --
> Patrice
>
> "pradeep_TP" <pradeepTP@discussions.microsoft.com> a écrit dans le message
> de news:69746B7A-5368-49A2-AAE2-D60AB351592F@microsoft.com...[color=green]
> > Hi justin,
> >
> > I have checked the source tag of all the images but did not find any src
> > attribute pointing to any unsecured URL. "src" attribute is pointing to[/color]
> the[color=green]
> > images folder on the same server with "https" protocol. for example all[/color]
> the[color=green]
> > image src attribute has the following format.
> >
> > https://staging.myserver.com/mywebapp/images/home.gif
> >
> > It would be great if you could throw more light on it.
> >
> > cheers!!
> > pradeeptp
> >
> > "S. Justin Gengo" wrote:
> >[color=darkred]
> > > Pradeep,
> > >
> > > The most common cause of this and what is meant by "mixed content" is[/color][/color]
> images[color=green][color=darkred]
> > > that are being linked to via a non-secure address but being displayed on[/color][/color]
> a[color=green][color=darkred]
> > > secure page (or any other display item being linked to for that matter).[/color][/color]
> If[color=green][color=darkred]
> > > you are connecting to any page of your web site via an https link then[/color][/color]
> that[color=green][color=darkred]
> > > page's images src tag should either use use relative links
> > > src="/images/myimage.jpg" so that the full link will be built out via[/color][/color]
> https[color=green][color=darkred]
> > > or it should contain the full link
> > > src="https://www.mywebsite.com/images/myimage.jpg".
> > >
> > > --
> > > Sincerely,
> > >
> > > S. Justin Gengo, MCP
> > > Web Developer / Programmer
> > >
> > > www.aboutfortunate.com
> > >
> > > "Out of chaos comes order."
> > > Nietzsche
> > > "pradeep_TP" <pradeepTP@discussions.microsoft.com> wrote in message
> > > news:616DA42B-332A-40F1-BDAE-32D0AEF6A8D9@microsoft.com...
> > > >I am facing a strange problem with my web site. Afer reinstalling the[/color][/color]
> web[color=green][color=darkred]
> > > > application on the web server, I am getting a dialog box for each[/color][/color]
> page.[color=green][color=darkred]
> > > > The
> > > > dialog box has the following information.
> > > >
> > > > "This page contains both secure and nonsecure items. Do you want to
> > > > display
> > > > the nonsecure items."
> > > >
> > > > It was not happening before. I have searched in internet for removing[/color][/color]
> the[color=green][color=darkred]
> > > > dialog box. This is the solution that I got
> > > >
> > > > 1) Go to Internet options
> > > > 2) Click on security Tab
> > > > 3) Click Custom Level Button
> > > > 4) Scroll to Miscellaneous Section
> > > > 5) click on "Disable" radio button for the group Display mixed[/color][/color]
> Content.[color=green][color=darkred]
> > > >
> > > > AFter doing the above, the dialog box is no more displayed. But my web
> > > > application will be access by more than 1000 users and it is very[/color][/color]
> weired[color=green][color=darkred]
> > > > to
> > > > asked them to do the above settings. I am sure it was working[/color][/color]
> perfectly[color=green][color=darkred]
> > > > fine
> > > > before. I want to understand this problem very well and troubleshoot[/color][/color]
> it.[color=green][color=darkred]
> > > > My
> > > > page does not contain any harmful components. It is created in ASP.net[/color][/color]
> and[color=green][color=darkred]
> > > > C#. Even the most simple page is giving me this dialog box.
> > > >
> > > > I am using the internet explorer versino 6.0.2800.1106
> > > >
> > > > It would be great if the experts there could give me any idea why this[/color][/color]
> is[color=green][color=darkred]
> > > > happening. Again, I do not want the client to make modifications to[/color][/color]
> the[color=green][color=darkred]
> > > > options in their internet explorer to get rid of this dialog box.
> > > >
> > > > Thanks in advance
> > > >
> > > > Pradeep_tp
> > > >
> > > >
> > >
> > >
> > >[/color][/color]
>
>
>[/color]

re: Security Dialog box in Internet Explorer

Pradeep,

Patrice is steering you in the correct direction. If you images aren't the
cause of the problem then some other link/object is. And the logs are the
quickest way to find them. IIS automatically logs all requests to the
server. How your server is set up will make a difference on where those logs
may be stored. Do you have full access to your server or are you using a
hosting company?

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"pradeep_TP" <pradeepTP@discussions.microsoft.com> wrote in message
news:AF546F5C-3F23-41CD-A1DA-5C75D8023CE0@microsoft.com...[color=blue]
> hi patrice,
>
> You have given me an interesting clue. So you mean to say that, IIS
> creates
> log for these security warnings. Can you please tell me how can i check
> IIS
> log.
>
> Thanks
> pradeep_tp
>
> "Patrice" wrote:
>[color=green]
>> And what if you check the IIS log server side for non HTTPS GETs ?
>>
>> --
>> Patrice
>>
>> "pradeep_TP" <pradeepTP@discussions.microsoft.com> a écrit dans le
>> message
>> de news:69746B7A-5368-49A2-AAE2-D60AB351592F@microsoft.com...[color=darkred]
>> > Hi justin,
>> >
>> > I have checked the source tag of all the images but did not find any
>> > src
>> > attribute pointing to any unsecured URL. "src" attribute is pointing to[/color]
>> the[color=darkred]
>> > images folder on the same server with "https" protocol. for example
>> > all[/color]
>> the[color=darkred]
>> > image src attribute has the following format.
>> >
>> > https://staging.myserver.com/mywebapp/images/home.gif
>> >
>> > It would be great if you could throw more light on it.
>> >
>> > cheers!!
>> > pradeeptp
>> >
>> > "S. Justin Gengo" wrote:
>> >
>> > > Pradeep,
>> > >
>> > > The most common cause of this and what is meant by "mixed content" is[/color]
>> images[color=darkred]
>> > > that are being linked to via a non-secure address but being displayed
>> > > on[/color]
>> a[color=darkred]
>> > > secure page (or any other display item being linked to for that
>> > > matter).[/color]
>> If[color=darkred]
>> > > you are connecting to any page of your web site via an https link
>> > > then[/color]
>> that[color=darkred]
>> > > page's images src tag should either use use relative links
>> > > src="/images/myimage.jpg" so that the full link will be built out via[/color]
>> https[color=darkred]
>> > > or it should contain the full link
>> > > src="https://www.mywebsite.com/images/myimage.jpg".
>> > >
>> > > --
>> > > Sincerely,
>> > >
>> > > S. Justin Gengo, MCP
>> > > Web Developer / Programmer
>> > >
>> > > www.aboutfortunate.com
>> > >
>> > > "Out of chaos comes order."
>> > > Nietzsche
>> > > "pradeep_TP" <pradeepTP@discussions.microsoft.com> wrote in message
>> > > news:616DA42B-332A-40F1-BDAE-32D0AEF6A8D9@microsoft.com...
>> > > >I am facing a strange problem with my web site. Afer reinstalling
>> > > >the[/color]
>> web[color=darkred]
>> > > > application on the web server, I am getting a dialog box for each[/color]
>> page.[color=darkred]
>> > > > The
>> > > > dialog box has the following information.
>> > > >
>> > > > "This page contains both secure and nonsecure items. Do you want to
>> > > > display
>> > > > the nonsecure items."
>> > > >
>> > > > It was not happening before. I have searched in internet for
>> > > > removing[/color]
>> the[color=darkred]
>> > > > dialog box. This is the solution that I got
>> > > >
>> > > > 1) Go to Internet options
>> > > > 2) Click on security Tab
>> > > > 3) Click Custom Level Button
>> > > > 4) Scroll to Miscellaneous Section
>> > > > 5) click on "Disable" radio button for the group Display mixed[/color]
>> Content.[color=darkred]
>> > > >
>> > > > AFter doing the above, the dialog box is no more displayed. But my
>> > > > web
>> > > > application will be access by more than 1000 users and it is very[/color]
>> weired[color=darkred]
>> > > > to
>> > > > asked them to do the above settings. I am sure it was working[/color]
>> perfectly[color=darkred]
>> > > > fine
>> > > > before. I want to understand this problem very well and
>> > > > troubleshoot[/color]
>> it.[color=darkred]
>> > > > My
>> > > > page does not contain any harmful components. It is created in
>> > > > ASP.net[/color]
>> and[color=darkred]
>> > > > C#. Even the most simple page is giving me this dialog box.
>> > > >
>> > > > I am using the internet explorer versino 6.0.2800.1106
>> > > >
>> > > > It would be great if the experts there could give me any idea why
>> > > > this[/color]
>> is[color=darkred]
>> > > > happening. Again, I do not want the client to make modifications to[/color]
>> the[color=darkred]
>> > > > options in their internet explorer to get rid of this dialog box.
>> > > >
>> > > > Thanks in advance
>> > > >
>> > > > Pradeep_tp
>> > > >
>> > > >
>> > >
>> > >
>> > >[/color]
>>
>>
>>[/color][/color]

re: Security Dialog box in Internet Explorer

No it doesn't record this directly. Basically it records all HTTP(S)
requests sent to the server. You have a log for each website under
system32\logfiles. See
http://support.microsoft.com/default...300390&sd=tech for
details...

In the log, the "port" column should be 80 for HTTP and 443 for HTTPS. It
will allow easily to see which resources are accessed using HTTP instead of
HTTPS as it seems you can't find them from the HTML markup (or double check
the CSS files, or possible IFRAMEs).

---
Patrice

"pradeep_TP" <pradeepTP@discussions.microsoft.com> a écrit dans le message
de news:AF546F5C-3F23-41CD-A1DA-5C75D8023CE0@microsoft.com...[color=blue]
> hi patrice,
>
> You have given me an interesting clue. So you mean to say that, IIS[/color]
creates[color=blue]
> log for these security warnings. Can you please tell me how can i check[/color]
IIS[color=blue]
> log.
>
> Thanks
> pradeep_tp
>
> "Patrice" wrote:
>[color=green]
> > And what if you check the IIS log server side for non HTTPS GETs ?
> >
> > --
> > Patrice
> >
> > "pradeep_TP" <pradeepTP@discussions.microsoft.com> a écrit dans le[/color][/color]
message[color=blue][color=green]
> > de news:69746B7A-5368-49A2-AAE2-D60AB351592F@microsoft.com...[color=darkred]
> > > Hi justin,
> > >
> > > I have checked the source tag of all the images but did not find any[/color][/color][/color]
src[color=blue][color=green][color=darkred]
> > > attribute pointing to any unsecured URL. "src" attribute is pointing[/color][/color][/color]
to[color=blue][color=green]
> > the[color=darkred]
> > > images folder on the same server with "https" protocol. for example[/color][/color][/color]
all[color=blue][color=green]
> > the[color=darkred]
> > > image src attribute has the following format.
> > >
> > > https://staging.myserver.com/mywebapp/images/home.gif
> > >
> > > It would be great if you could throw more light on it.
> > >
> > > cheers!!
> > > pradeeptp
> > >
> > > "S. Justin Gengo" wrote:
> > >
> > > > Pradeep,
> > > >
> > > > The most common cause of this and what is meant by "mixed content"[/color][/color][/color]
is[color=blue][color=green]
> > images[color=darkred]
> > > > that are being linked to via a non-secure address but being[/color][/color][/color]
displayed on[color=blue][color=green]
> > a[color=darkred]
> > > > secure page (or any other display item being linked to for that[/color][/color][/color]
matter).[color=blue][color=green]
> > If[color=darkred]
> > > > you are connecting to any page of your web site via an https link[/color][/color][/color]
then[color=blue][color=green]
> > that[color=darkred]
> > > > page's images src tag should either use use relative links
> > > > src="/images/myimage.jpg" so that the full link will be built out[/color][/color][/color]
via[color=blue][color=green]
> > https[color=darkred]
> > > > or it should contain the full link
> > > > src="https://www.mywebsite.com/images/myimage.jpg".
> > > >
> > > > --
> > > > Sincerely,
> > > >
> > > > S. Justin Gengo, MCP
> > > > Web Developer / Programmer
> > > >
> > > > www.aboutfortunate.com
> > > >
> > > > "Out of chaos comes order."
> > > > Nietzsche
> > > > "pradeep_TP" <pradeepTP@discussions.microsoft.com> wrote in message
> > > > news:616DA42B-332A-40F1-BDAE-32D0AEF6A8D9@microsoft.com...
> > > > >I am facing a strange problem with my web site. Afer reinstalling[/color][/color][/color]
the[color=blue][color=green]
> > web[color=darkred]
> > > > > application on the web server, I am getting a dialog box for each[/color]
> > page.[color=darkred]
> > > > > The
> > > > > dialog box has the following information.
> > > > >
> > > > > "This page contains both secure and nonsecure items. Do you want[/color][/color][/color]
to[color=blue][color=green][color=darkred]
> > > > > display
> > > > > the nonsecure items."
> > > > >
> > > > > It was not happening before. I have searched in internet for[/color][/color][/color]
removing[color=blue][color=green]
> > the[color=darkred]
> > > > > dialog box. This is the solution that I got
> > > > >
> > > > > 1) Go to Internet options
> > > > > 2) Click on security Tab
> > > > > 3) Click Custom Level Button
> > > > > 4) Scroll to Miscellaneous Section
> > > > > 5) click on "Disable" radio button for the group Display mixed[/color]
> > Content.[color=darkred]
> > > > >
> > > > > AFter doing the above, the dialog box is no more displayed. But my[/color][/color][/color]
web[color=blue][color=green][color=darkred]
> > > > > application will be access by more than 1000 users and it is very[/color]
> > weired[color=darkred]
> > > > > to
> > > > > asked them to do the above settings. I am sure it was working[/color]
> > perfectly[color=darkred]
> > > > > fine
> > > > > before. I want to understand this problem very well and[/color][/color][/color]
troubleshoot[color=blue][color=green]
> > it.[color=darkred]
> > > > > My
> > > > > page does not contain any harmful components. It is created in[/color][/color][/color]
ASP.net[color=blue][color=green]
> > and[color=darkred]
> > > > > C#. Even the most simple page is giving me this dialog box.
> > > > >
> > > > > I am using the internet explorer versino 6.0.2800.1106
> > > > >
> > > > > It would be great if the experts there could give me any idea why[/color][/color][/color]
this[color=blue][color=green]
> > is[color=darkred]
> > > > > happening. Again, I do not want the client to make modifications[/color][/color][/color]
to[color=blue][color=green]
> > the[color=darkred]
> > > > > options in their internet explorer to get rid of this dialog box.
> > > > >
> > > > > Thanks in advance
> > > > >
> > > > > Pradeep_tp
> > > > >
> > > > >
> > > >
> > > >
> > > >[/color]
> >
> >
> >[/color][/color]