473,327 Members | 2,065 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,327 software developers and data experts.

Finding nonsecure items in secure page

I am modifying an existing ASP.NET application to make it SSL
compatible. I have already searched the codebase and eliminated all
hardcoded "http" instances, replacing them with a method call that
returns the appropriate ("http" or "https") value in a given context. I
have also modified all iframe instances to ensure they always have a
valid src. But, when I run the application, I still encounter the
following Security dialog in IE:

Security Information

This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?

(Yes) (No) (More Info)

My problem is that I can't figure out what is causing IE to report this
problem. Changing the settings in IE, while a popular solution in the
ie groups, is not a solution. I need to fix the underlying problem in
the application to provide users an acceptable user experience.

I tried using Fiddler to capture the non-SSL traffic from the browser
to IIS, but it would appear there is no traffic associated with the
warning, at least not traffic that Fiddler would intercept.

Unfortunately, because of the characteristics of the specific window
encountering the problem, I can not display the page's source (the
right click IE menu is being surpressed).

Anyone have any ideas?

IS there something other than a reference through an explicit "http:"
or an iframe without a non-null src specified that cause this dialog to
be displayed?

Hasn't someone built a plugin for IIS that would allow for monitoring
SSL traffic? Or, something to act as IE? (unfortunately, this is a very
IE dependent application, so I can't experiment with alternate browsers
unless they are fully IE compatible).

Thank you in advance for your help,
Marc

Nov 19 '05 #1
2 1901
ma*********@gmail.com wrote:
I am modifying an existing ASP.NET application to make it SSL
compatible. I have already searched the codebase and eliminated all
hardcoded "http" instances, replacing them with a method call that
returns the appropriate ("http" or "https") value in a given context. I
have also modified all iframe instances to ensure they always have a
valid src. But, when I run the application, I still encounter the
following Security dialog in IE:

Security Information

This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?

(Yes) (No) (More Info)

My problem is that I can't figure out what is causing IE to report this
problem. Changing the settings in IE, while a popular solution in the
ie groups, is not a solution. I need to fix the underlying problem in
the application to provide users an acceptable user experience.

I tried using Fiddler to capture the non-SSL traffic from the browser
to IIS, but it would appear there is no traffic associated with the
warning, at least not traffic that Fiddler would intercept.

Unfortunately, because of the characteristics of the specific window
encountering the problem, I can not display the page's source (the
right click IE menu is being surpressed).

Anyone have any ideas?

IS there something other than a reference through an explicit "http:"
or an iframe without a non-null src specified that cause this dialog to
be displayed?

Hasn't someone built a plugin for IIS that would allow for monitoring
SSL traffic? Or, something to act as IE? (unfortunately, this is a very
IE dependent application, so I can't experiment with alternate browsers
unless they are fully IE compatible).

Thank you in advance for your help,
Marc

SRC links (IMG, META, SCRIPT, etc) being fully qualified to non ssl
site, pathed to outside the site, etc.

--
Curt Christianson
site: http://www.darkfalz.com
blog: http://blog.darkfalz.com
Nov 19 '05 #2
Are you saying that Intellisense meta tags can cause these error
dialogs? I thought they were only evaluated at design time and wouldn't
impact production operation?

If Intellisense URLs do impact the Secure content warning, can they be
specified with SSL, i.e. https:, paths?

--
Sent via .NET Newsgroups
http://www.dotnetnewsgroups.com
Nov 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Charles A. Lackman | last post by:
Hello, I have a web site that has a single page secured using SSL. This page also has Flash Macromedia header on it, Does this cause a conflict? When you visit the site it says, "This page...
7
by: VB Programmer | last post by:
I created an ASP.NET website and recently got a secure certificate. Whenever I visit any of the pages IE says "This page contains both secure and nonsecure items. Do you want to display the...
8
by: todd.freed | last post by:
Hey all, I have been racking my brain all morning to find a solution to this, and I am having no luck. Our webpage is created with Visual Studio C# and ASP.Net, hosted in-house using HTTPS with...
2
by: Mantorok | last post by:
Hi all This has been driving me nuts for months now, if I access my site from IE https://db.cornwall.gov.uk/PlanningApplications and then hover over one of the 2-level menus it comes up with the...
10
by: =?Utf-8?B?cGF0cmlja2RyZA==?= | last post by:
Hi guys! I use masterpages for my website, the inside content is secured (https), while the header and the footer master files are not, so, can I get rid of the "This page contains both secure...
3
by: DBLWizard | last post by:
Howdy All, I'm fighting with IE on a secure site where I am trying to set the location of a frame from within javascript using code similar to this. sHref =...
1
mikek12004
by: mikek12004 | last post by:
I have recently put https on a page with certificate and everything but when I type https://.. in IE I get the message "this page contains both secure and nonsecure items" why? What is the nonsecure...
1
by: tomaz | last post by:
Hi I have a website with multiple included js-files, included css-files... There is a virtual keyboard programmed (for touchscreen use) the moment I click on the keyboard icon to open the...
2
by: tomaz | last post by:
Hi I created an intranet over https. some clients still use Internet Explorer 5.01, this can't be changed :( Now I have following problem: When I click on a navigation button BEFORE the...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.