By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
458,221 Members | 1,075 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 458,221 IT Pros & Developers. It's quick & easy.

Finding nonsecure items in secure page

P: n/a
I am modifying an existing ASP.NET application to make it SSL
compatible. I have already searched the codebase and eliminated all
hardcoded "http" instances, replacing them with a method call that
returns the appropriate ("http" or "https") value in a given context. I
have also modified all iframe instances to ensure they always have a
valid src. But, when I run the application, I still encounter the
following Security dialog in IE:

Security Information

This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?

(Yes) (No) (More Info)

My problem is that I can't figure out what is causing IE to report this
problem. Changing the settings in IE, while a popular solution in the
ie groups, is not a solution. I need to fix the underlying problem in
the application to provide users an acceptable user experience.

I tried using Fiddler to capture the non-SSL traffic from the browser
to IIS, but it would appear there is no traffic associated with the
warning, at least not traffic that Fiddler would intercept.

Unfortunately, because of the characteristics of the specific window
encountering the problem, I can not display the page's source (the
right click IE menu is being surpressed).

Anyone have any ideas?

IS there something other than a reference through an explicit "http:"
or an iframe without a non-null src specified that cause this dialog to
be displayed?

Hasn't someone built a plugin for IIS that would allow for monitoring
SSL traffic? Or, something to act as IE? (unfortunately, this is a very
IE dependent application, so I can't experiment with alternate browsers
unless they are fully IE compatible).

Thank you in advance for your help,
Marc

Nov 19 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
ma*********@gmail.com wrote:
I am modifying an existing ASP.NET application to make it SSL
compatible. I have already searched the codebase and eliminated all
hardcoded "http" instances, replacing them with a method call that
returns the appropriate ("http" or "https") value in a given context. I
have also modified all iframe instances to ensure they always have a
valid src. But, when I run the application, I still encounter the
following Security dialog in IE:

Security Information

This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?

(Yes) (No) (More Info)

My problem is that I can't figure out what is causing IE to report this
problem. Changing the settings in IE, while a popular solution in the
ie groups, is not a solution. I need to fix the underlying problem in
the application to provide users an acceptable user experience.

I tried using Fiddler to capture the non-SSL traffic from the browser
to IIS, but it would appear there is no traffic associated with the
warning, at least not traffic that Fiddler would intercept.

Unfortunately, because of the characteristics of the specific window
encountering the problem, I can not display the page's source (the
right click IE menu is being surpressed).

Anyone have any ideas?

IS there something other than a reference through an explicit "http:"
or an iframe without a non-null src specified that cause this dialog to
be displayed?

Hasn't someone built a plugin for IIS that would allow for monitoring
SSL traffic? Or, something to act as IE? (unfortunately, this is a very
IE dependent application, so I can't experiment with alternate browsers
unless they are fully IE compatible).

Thank you in advance for your help,
Marc

SRC links (IMG, META, SCRIPT, etc) being fully qualified to non ssl
site, pathed to outside the site, etc.

--
Curt Christianson
site: http://www.darkfalz.com
blog: http://blog.darkfalz.com
Nov 19 '05 #2

P: n/a
Are you saying that Intellisense meta tags can cause these error
dialogs? I thought they were only evaluated at design time and wouldn't
impact production operation?

If Intellisense URLs do impact the Secure content warning, can they be
specified with SSL, i.e. https:, paths?

--
Sent via .NET Newsgroups
http://www.dotnetnewsgroups.com
Nov 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.