It's not a matter of whether an item is "insecure on IIS" - an item is
secured via its URL. If it begins with "https" it is secure. Well, it's a
bit more complicated than that, due to relative URLs in a page. When a page
has a relative URL (e.g. "someFolder/someitem.aspx" or
"/someFolder/someItem.jpg"), the base portion of the URL (which includes the
protocol) is appended from the present location to the URL to form the
complete URL. So, for example, let's say you click a link that has an
absolute URL of "https://..." That page is secured via HTTPS. Now you click
a link on that page which is relative, to another page (e.g.
"/someFolder/somePage.aspx"). The protocol portion of the URL is appended to
the link to create an absolute one by the browser. So, the second page,
regardless of the lack of "https" in the link, because it is a relative URL,
is still secure. In fact, to get to a non-secured page, you would have to
use an absolute URL, with the protocol included, to change the base protocol
portion of the URL to a non-scured (HTTP) address.
An HTML document can include other resources in it, such as images. If the
URLs of these images are relative, and the page they are in is reached via
HTTPS, they will also be requested using HTTPS. However, there are times
when not all of the resources in a page have the same protocol. This results
in the type of message you saw.
The most bullet-proof way to prevent this: Use all absolute URLs in the
page.
--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
"Brian Henry" <br**********@newsgroups.nospam> wrote in message
news:eQ**************@TK2MSFTNGP09.phx.gbl...
I created a project and it looks like everything is loading under HTTPS on
all the pages perfectly except one page that it loads saying that the page
contains both secure and non secure items... how would i check to see
which items are loading that are insecure on IIS? the page is writen in ASP.NET,
I know exactly which control is doing it (a custom writen one) but i cant
seem to figure out what in the control is doing it... is there logs or anything
i can debug to figure out what is causing this dialog to load asking if i
want to load the insecure items or not? thanks (in SSL connections the source
code is unviewable so i cant do it the easy way out)