473,320 Members | 1,949 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Non secure items on SSL in asp.net

I created a project and it looks like everything is loading under HTTPS on
all the pages perfectly except one page that it loads saying that the page
contains both secure and non secure items... how would i check to see which
items are loading that are insecure on IIS? the page is writen in ASP.NET, I
know exactly which control is doing it (a custom writen one) but i cant seem
to figure out what in the control is doing it... is there logs or anything i
can debug to figure out what is causing this dialog to load asking if i want
to load the insecure items or not? thanks (in SSL connections the source
code is unviewable so i cant do it the easy way out)
Nov 18 '05 #1
7 1963
Brian,

Looking at the server side of things won't necessarily help you since the
item that is not being requested over https doens't necessarily come from
your site. A better approach is to look at the html source on the client,
which should be human-readable even if it's been loaded over https. The
kinds of things that might be causing the problem are:

1. Any request over http. A simple search for "http:" (without the quotes)
should reveal this.
2. Any frame, iframe, or img tags with a blank or unspecified src
attribute.
3. Any use of "about:____" pages. An example of this would be a frame
whose src attribute is set to "about:blank".

HTH,
Nicole
"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:eQ**************@TK2MSFTNGP09.phx.gbl...
I created a project and it looks like everything is loading under HTTPS on
all the pages perfectly except one page that it loads saying that the page
contains both secure and non secure items... how would i check to see
which
items are loading that are insecure on IIS? the page is writen in ASP.NET,
I
know exactly which control is doing it (a custom writen one) but i cant
seem
to figure out what in the control is doing it... is there logs or anything
i
can debug to figure out what is causing this dialog to load asking if i
want
to load the insecure items or not? thanks (in SSL connections the source
code is unviewable so i cant do it the easy way out)

Nov 18 '05 #2
if you hit your site with netscape or mozilla, you can use PageInfo to
determine this easily.

-- bruce (sqlwork.com)
"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:eQ**************@TK2MSFTNGP09.phx.gbl...
I created a project and it looks like everything is loading under HTTPS on
all the pages perfectly except one page that it loads saying that the page
contains both secure and non secure items... how would i check to see which items are loading that are insecure on IIS? the page is writen in ASP.NET, I know exactly which control is doing it (a custom writen one) but i cant seem to figure out what in the control is doing it... is there logs or anything i can debug to figure out what is causing this dialog to load asking if i want to load the insecure items or not? thanks (in SSL connections the source
code is unviewable so i cant do it the easy way out)

Nov 18 '05 #3
It's not a matter of whether an item is "insecure on IIS" - an item is
secured via its URL. If it begins with "https" it is secure. Well, it's a
bit more complicated than that, due to relative URLs in a page. When a page
has a relative URL (e.g. "someFolder/someitem.aspx" or
"/someFolder/someItem.jpg"), the base portion of the URL (which includes the
protocol) is appended from the present location to the URL to form the
complete URL. So, for example, let's say you click a link that has an
absolute URL of "https://..." That page is secured via HTTPS. Now you click
a link on that page which is relative, to another page (e.g.
"/someFolder/somePage.aspx"). The protocol portion of the URL is appended to
the link to create an absolute one by the browser. So, the second page,
regardless of the lack of "https" in the link, because it is a relative URL,
is still secure. In fact, to get to a non-secured page, you would have to
use an absolute URL, with the protocol included, to change the base protocol
portion of the URL to a non-scured (HTTP) address.

An HTML document can include other resources in it, such as images. If the
URLs of these images are relative, and the page they are in is reached via
HTTPS, they will also be requested using HTTPS. However, there are times
when not all of the resources in a page have the same protocol. This results
in the type of message you saw.

The most bullet-proof way to prevent this: Use all absolute URLs in the
page.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:eQ**************@TK2MSFTNGP09.phx.gbl...
I created a project and it looks like everything is loading under HTTPS on
all the pages perfectly except one page that it loads saying that the page
contains both secure and non secure items... how would i check to see which items are loading that are insecure on IIS? the page is writen in ASP.NET, I know exactly which control is doing it (a custom writen one) but i cant seem to figure out what in the control is doing it... is there logs or anything i can debug to figure out what is causing this dialog to load asking if i want to load the insecure items or not? thanks (in SSL connections the source
code is unviewable so i cant do it the easy way out)

Nov 18 '05 #4
eek, we're doing a secure email system which uses IFrames for HTML email
editing... that must be whats causing it... how would you fix this? thanks
"Nicole Calinoiu" <ni*****@somewhere.net> wrote in message
news:e1*************@TK2MSFTNGP12.phx.gbl...
Brian,

Looking at the server side of things won't necessarily help you since the
item that is not being requested over https doens't necessarily come from
your site. A better approach is to look at the html source on the client,
which should be human-readable even if it's been loaded over https. The
kinds of things that might be causing the problem are:

1. Any request over http. A simple search for "http:" (without the quotes) should reveal this.
2. Any frame, iframe, or img tags with a blank or unspecified src
attribute.
3. Any use of "about:____" pages. An example of this would be a frame
whose src attribute is set to "about:blank".

HTH,
Nicole
"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:eQ**************@TK2MSFTNGP09.phx.gbl...
I created a project and it looks like everything is loading under HTTPS on all the pages perfectly except one page that it loads saying that the page contains both secure and non secure items... how would i check to see
which
items are loading that are insecure on IIS? the page is writen in ASP.NET, I
know exactly which control is doing it (a custom writen one) but i cant
seem
to figure out what in the control is doing it... is there logs or anything i
can debug to figure out what is causing this dialog to load asking if i
want
to load the insecure items or not? thanks (in SSL connections the source
code is unviewable so i cant do it the easy way out)


Nov 18 '05 #5
Brian,

Instead of using blank src attributes for your iframes (unspecified or
src="" or src="about:blank"), use a real page from your site when you want
the iframe to appear to be empty. e.g.: <iframe src="blank.htm"... where
blank.htm has html source like the following:

<html>
<head>
<title>Blank page</title>
</head>
<body>
</body>
</html>

HTH,
Nicole

"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:O5**************@tk2msftngp13.phx.gbl...
eek, we're doing a secure email system which uses IFrames for HTML email
editing... that must be whats causing it... how would you fix this? thanks
"Nicole Calinoiu" <ni*****@somewhere.net> wrote in message
news:e1*************@TK2MSFTNGP12.phx.gbl...
Brian,

Looking at the server side of things won't necessarily help you since the
item that is not being requested over https doens't necessarily come from
your site. A better approach is to look at the html source on the
client,
which should be human-readable even if it's been loaded over https. The
kinds of things that might be causing the problem are:

1. Any request over http. A simple search for "http:" (without the

quotes)
should reveal this.
2. Any frame, iframe, or img tags with a blank or unspecified src
attribute.
3. Any use of "about:____" pages. An example of this would be a frame
whose src attribute is set to "about:blank".

HTH,
Nicole
"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:eQ**************@TK2MSFTNGP09.phx.gbl...
>I created a project and it looks like everything is loading under HTTPS on > all the pages perfectly except one page that it loads saying that the page > contains both secure and non secure items... how would i check to see
> which
> items are loading that are insecure on IIS? the page is writen in ASP.NET, > I
> know exactly which control is doing it (a custom writen one) but i cant
> seem
> to figure out what in the control is doing it... is there logs or anything > i
> can debug to figure out what is causing this dialog to load asking if i
> want
> to load the insecure items or not? thanks (in SSL connections the
> source
> code is unviewable so i cant do it the easy way out)
>
>



Nov 18 '05 #6
ahh thank you, ill see if that corrects the problem

"Nicole Calinoiu" <ni*****@somewhere.net> wrote in message
news:O9**************@TK2MSFTNGP10.phx.gbl...
Brian,

Instead of using blank src attributes for your iframes (unspecified or
src="" or src="about:blank"), use a real page from your site when you want
the iframe to appear to be empty. e.g.: <iframe src="blank.htm"... where
blank.htm has html source like the following:

<html>
<head>
<title>Blank page</title>
</head>
<body>
</body>
</html>

HTH,
Nicole

"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:O5**************@tk2msftngp13.phx.gbl...
eek, we're doing a secure email system which uses IFrames for HTML email
editing... that must be whats causing it... how would you fix this? thanks

"Nicole Calinoiu" <ni*****@somewhere.net> wrote in message
news:e1*************@TK2MSFTNGP12.phx.gbl...
Brian,

Looking at the server side of things won't necessarily help you since the item that is not being requested over https doens't necessarily come from your site. A better approach is to look at the html source on the
client,
which should be human-readable even if it's been loaded over https. The kinds of things that might be causing the problem are:

1. Any request over http. A simple search for "http:" (without the

quotes)
should reveal this.
2. Any frame, iframe, or img tags with a blank or unspecified src
attribute.
3. Any use of "about:____" pages. An example of this would be a frame
whose src attribute is set to "about:blank".

HTH,
Nicole
"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:eQ**************@TK2MSFTNGP09.phx.gbl...
>I created a project and it looks like everything is loading under HTTPS
on
> all the pages perfectly except one page that it loads saying that the

page
> contains both secure and non secure items... how would i check to see
> which
> items are loading that are insecure on IIS? the page is writen in

ASP.NET,
> I
> know exactly which control is doing it (a custom writen one) but i

cant > seem
> to figure out what in the control is doing it... is there logs or

anything
> i
> can debug to figure out what is causing this dialog to load asking if i > want
> to load the insecure items or not? thanks (in SSL connections the
> source
> code is unviewable so i cant do it the easy way out)
>
>



Nov 18 '05 #7
that fixed it, thanks
"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:eJ**************@TK2MSFTNGP10.phx.gbl...
ahh thank you, ill see if that corrects the problem

"Nicole Calinoiu" <ni*****@somewhere.net> wrote in message
news:O9**************@TK2MSFTNGP10.phx.gbl...
Brian,

Instead of using blank src attributes for your iframes (unspecified or
src="" or src="about:blank"), use a real page from your site when you want
the iframe to appear to be empty. e.g.: <iframe src="blank.htm"... where blank.htm has html source like the following:

<html>
<head>
<title>Blank page</title>
</head>
<body>
</body>
</html>

HTH,
Nicole

"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:O5**************@tk2msftngp13.phx.gbl...
eek, we're doing a secure email system which uses IFrames for HTML email editing... that must be whats causing it... how would you fix this?
thanks

"Nicole Calinoiu" <ni*****@somewhere.net> wrote in message
news:e1*************@TK2MSFTNGP12.phx.gbl...
> Brian,
>
> Looking at the server side of things won't necessarily help you since the> item that is not being requested over https doens't necessarily come from> your site. A better approach is to look at the html source on the
> client,
> which should be human-readable even if it's been loaded over https. The> kinds of things that might be causing the problem are:
>
> 1. Any request over http. A simple search for "http:" (without the
quotes)
> should reveal this.
> 2. Any frame, iframe, or img tags with a blank or unspecified src
> attribute.
> 3. Any use of "about:____" pages. An example of this would be a frame> whose src attribute is set to "about:blank".
>
> HTH,
> Nicole
>
>
> "Brian Henry" <br**********@newsgroups.nospam> wrote in message
> news:eQ**************@TK2MSFTNGP09.phx.gbl...
> >I created a project and it looks like everything is loading under HTTPS on
> > all the pages perfectly except one page that it loads saying that the page
> > contains both secure and non secure items... how would i check to see> > which
> > items are loading that are insecure on IIS? the page is writen in
ASP.NET,
> > I
> > know exactly which control is doing it (a custom writen one) but i cant> > seem
> > to figure out what in the control is doing it... is there logs or
anything
> > i
> > can debug to figure out what is causing this dialog to load asking
if i> > want
> > to load the insecure items or not? thanks (in SSL connections the
> > source
> > code is unviewable so i cant do it the easy way out)
> >
> >
>
>



Nov 18 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: | last post by:
When passing values from one page to another using context.items collection & server.transfer, how secure is this data? This is using the notion that you add an item to the context.items...
7
by: Seth | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of...
5
by: A.M | last post by:
Hi, My ASP.NET application uses SSL on IIS6. up on visiting some pages, IE 6 shows this security alert: This page contains both secure and non secure items. Do you want to display non-secure...
3
by: Vince Mele | last post by:
We are having a small problem with a couple of reports we developed for a client website. On two of the reports, sometimes (most of the time) we receive a warning message before the output of...
7
by: VB Programmer | last post by:
I created an ASP.NET website and recently got a secure certificate. Whenever I visit any of the pages IE says "This page contains both secure and nonsecure items. Do you want to display the...
1
by: UJ | last post by:
I have pages that all run fine. When I put them on a server that is using SSL, I start getting the 'There are secure and unsecure items on this page' message. And it's happening for almost every...
8
by: todd.freed | last post by:
Hey all, I have been racking my brain all morning to find a solution to this, and I am having no luck. Our webpage is created with Visual Studio C# and ASP.Net, hosted in-house using HTTPS with...
2
by: Mantorok | last post by:
Hi all This has been driving me nuts for months now, if I access my site from IE https://db.cornwall.gov.uk/PlanningApplications and then hover over one of the 2-level menus it comes up with the...
1
by: kumarione | last post by:
i want to know that ,Which are the Secure and non secure items in secure WEbpage develop with asp.net?
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.