473,323 Members | 1,622 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,323 software developers and data experts.

Lots of confusion on SSL

CW
I have run into a lot problems with SSL, and would appreciate some clear
explanations:

(1) Non-SSL links within SSL pages:
In one of my earlier posts, I was having problems with links that should not
have https schemes when links are embedded in an SSL enforced page. One way
was to use absolute URL - which is a deployment nightmare. The other
alternative is to use SSL within the whole site structure - which I
understand would unnecessarily burden the server. Another method was to turn
all links into server controls and then change the scheme in page load
event. None of the methods seem to be an ideal solution.

I did find a solution - by combining code behind and non-code behind <% %>
block for the same webform. In the SSL enabled webforms, any
href="relative.aspx" would be replaced by href='<"http" &
%=reformatfunction("relative.aspx")%>' where reformatfunction would take a
relative url and turn into a full url, and then strips away its https
scheme. In this scenario, my code behind run its normal code without getting
cluttered with a bunch of code just to reformat link hrefs.

(2) Are cookies and authentication tickets preserved across SSL and non-SSL
call boundaries?

I read somewhere that if I go from
https://someserver/somevirtualdr/SSLPage.aspx to
http://someserver/somevirtualdr/NonSSLPage.aspx, (or vice versa) any
response cookies would not be available to one another (i.e., response
cookies set in https page would not be visibel to the http page or vice
versa). This is apparently due to the security model preventing cross domain
scripting. However, in my code, my non-SSL page can access cookies set in
SSL pages and vice versa without any problem. Is this because of a bug in IE
(in which case, I obviously wouldn't want to rely on) or the cross site
scripting issues are totoally unrelated to SSL/non-SSL pages within the same
web application?

(3) On a related note, because I roll my own security using
FormsAuthentication and the authentication ticket, does authentication
ticket gets abandoned across https and http boundary? My whole objective is
to use https only for sign-on/sign-off/recording sensitive informations and
nothing else. In my code, authentication ticket gets passed without any
problem from https to non-https page. Again, I want to confirm this is by
design, not due to any bugs in IE.

Further to the above question, because I use
FormsAuthentication.RedirectFromLoginPage, after signing in (using SSL),
users get redirected to the default.aspx (if ReturnURL is nothing). When
this happens, default.aspx is loaded with SSL (i.e., using https: rather
than http). Is there anyway to prevent the use of SSL on the default page
after the RedirectFromLoginPage method? It's not a big issue, other than
being annoyingly inconsistent.

(4) Netscape 4 has problems with my self-signed SSL certificate?

I use self-signing utility that comes with IIS 6 resource kit to test SSL on
my dev box. When I attempt to connect from a netscape 4 browser, I get "The
security library has encountered an improperly formatted DER-encoded
message" error. Any idea whether it's a problem due to self-signed SSL
certificate or ASP.net/IIS can't handle netscape 4 client using SSL?

(5) Again related to Netscape, has anyone had major issues with Netscape? I
have run into all sorts of problems trying to display pages correctly on NS
6 (kind of reminds of the days when Java was promising write once and run
anywhere when it turned out to be write once and debug everywhere). In
particular, I have problems with header (which are embedded as ascx files in
each and every one of my aspx page). NS 6 sometimes displays the header
correctly (well, formatting is not so great, but at least all the elements
are there), and other times, would miss major elements (such as the image of
a href link). Another really annoying problem is that when I send contents
of file to the NS 6 browser, the save as/open window does open. However,
choosing save as produces no response at all (i.e., file chooser doesn't
come up). Another problem is that NS 4 sometimes hangs with reading file on
the status bar showing. I can't figure out why it hangs. I traced the code
in the page load event without any problem. It hangs after the code exits
the Page_Load event.

All helps are appreciated.

Nov 18 '05 #1
0 1129

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Doug Farrell | last post by:
Hi all, I'm trying to do the following from within a code module: import re # text to match text = "Good morning x something /x, how are you today x something else /x"
1
by: Mathias Mamsch | last post by:
Hi, I have some confusion concerning the weakref module. I am trying to save a weak reference to a bound member function of a class instance for using it as a callback function. But I always...
10
by: AlexS | last post by:
Hi, I wonder if anybody can comment if what I see is normal in FW 1.1 and how to avoid this. I have .Net assembly, which creates literally thousands of temporary strings and other objects...
4
by: JMCN | last post by:
object invalid or no longer set - confusion of the recordset in access 2003. i am currently converting from access 97 to access 2003. majority of the codes converted over perfectly fine, though...
0
by: i_have_control | last post by:
I'd be grateful for any input on this one: I have three web domains. The destinations of two are set to folders on the first, though that fact is transparent to the user (i.e: it does not...
13
by: Steve | last post by:
I have a form with a dataset and a datagrid. I created a dataview on this dataset. When the user modifies the datagrid, I look up this record in the dataview to make sure it is unique. Here is...
10
by: joelagnel | last post by:
hi friends, i've been having this confusion for about a year, i want to know the exact difference between text and binary files. using the fwrite function in c, i wrote 2 bytes of integers in...
1
by: Richard Lewis Haggard | last post by:
I'm having a problem with what appears to be some sort of confusion with references. I have a single solution with a dozen projects which has been working quite nicely for a while. The references...
2
by: Riaaaa | last post by:
Hello, We are doing the project in VB.Net. We had a great confusion for ASP.Net and VB.Net. Is VB.Net project performed in Microsoft Visual Studio 2005 ?? We have...
35
by: RobG | last post by:
Seems developers of mobile applications are pretty much devoted to UA sniffing: <URL: http://wurfl.sourceforge.net/vodafonerant/index.htm > -- Rob
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.