469,140 Members | 1,216 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,140 developers. It's quick & easy.

Security Dialog box in Internet Explorer

I am facing a strange problem with my web site. Afer reinstalling the web
application on the web server, I am getting a dialog box for each page. The
dialog box has the following information.

"This page contains both secure and nonsecure items. Do you want to display
the nonsecure items."

It was not happening before. I have searched in internet for removing the
dialog box. This is the solution that I got

1) Go to Internet options
2) Click on security Tab
3) Click Custom Level Button
4) Scroll to Miscellaneous Section
5) click on "Disable" radio button for the group Display mixed Content.

AFter doing the above, the dialog box is no more displayed. But my web
application will be access by more than 1000 users and it is very weired to
asked them to do the above settings. I am sure it was working perfectly fine
before. I want to understand this problem very well and troubleshoot it. My
page does not contain any harmful components. It is created in ASP.net and
C#. Even the most simple page is giving me this dialog box.

I am using the internet explorer versino 6.0.2800.1106

It would be great if the experts there could give me any idea why this is
happening. Again, I do not want the client to make modifications to the
options in their internet explorer to get rid of this dialog box.

Thanks in advance

Pradeep_tp
Nov 19 '05 #1
6 1869
Pradeep,

The most common cause of this and what is meant by "mixed content" is images
that are being linked to via a non-secure address but being displayed on a
secure page (or any other display item being linked to for that matter). If
you are connecting to any page of your web site via an https link then that
page's images src tag should either use use relative links
src="/images/myimage.jpg" so that the full link will be built out via https
or it should contain the full link
src="https://www.mywebsite.com/images/myimage.jpg".

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"pradeep_TP" <pr*******@discussions.microsoft.com> wrote in message
news:61**********************************@microsof t.com...
I am facing a strange problem with my web site. Afer reinstalling the web
application on the web server, I am getting a dialog box for each page.
The
dialog box has the following information.

"This page contains both secure and nonsecure items. Do you want to
display
the nonsecure items."

It was not happening before. I have searched in internet for removing the
dialog box. This is the solution that I got

1) Go to Internet options
2) Click on security Tab
3) Click Custom Level Button
4) Scroll to Miscellaneous Section
5) click on "Disable" radio button for the group Display mixed Content.

AFter doing the above, the dialog box is no more displayed. But my web
application will be access by more than 1000 users and it is very weired
to
asked them to do the above settings. I am sure it was working perfectly
fine
before. I want to understand this problem very well and troubleshoot it.
My
page does not contain any harmful components. It is created in ASP.net and
C#. Even the most simple page is giving me this dialog box.

I am using the internet explorer versino 6.0.2800.1106

It would be great if the experts there could give me any idea why this is
happening. Again, I do not want the client to make modifications to the
options in their internet explorer to get rid of this dialog box.

Thanks in advance

Pradeep_tp

Nov 19 '05 #2
Hi justin,

I have checked the source tag of all the images but did not find any src
attribute pointing to any unsecured URL. "src" attribute is pointing to the
images folder on the same server with "https" protocol. for example all the
image src attribute has the following format.

https://staging.myserver.com/mywebapp/images/home.gif

It would be great if you could throw more light on it.

cheers!!
pradeeptp

"S. Justin Gengo" wrote:
Pradeep,

The most common cause of this and what is meant by "mixed content" is images
that are being linked to via a non-secure address but being displayed on a
secure page (or any other display item being linked to for that matter). If
you are connecting to any page of your web site via an https link then that
page's images src tag should either use use relative links
src="/images/myimage.jpg" so that the full link will be built out via https
or it should contain the full link
src="https://www.mywebsite.com/images/myimage.jpg".

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"pradeep_TP" <pr*******@discussions.microsoft.com> wrote in message
news:61**********************************@microsof t.com...
I am facing a strange problem with my web site. Afer reinstalling the web
application on the web server, I am getting a dialog box for each page.
The
dialog box has the following information.

"This page contains both secure and nonsecure items. Do you want to
display
the nonsecure items."

It was not happening before. I have searched in internet for removing the
dialog box. This is the solution that I got

1) Go to Internet options
2) Click on security Tab
3) Click Custom Level Button
4) Scroll to Miscellaneous Section
5) click on "Disable" radio button for the group Display mixed Content.

AFter doing the above, the dialog box is no more displayed. But my web
application will be access by more than 1000 users and it is very weired
to
asked them to do the above settings. I am sure it was working perfectly
fine
before. I want to understand this problem very well and troubleshoot it.
My
page does not contain any harmful components. It is created in ASP.net and
C#. Even the most simple page is giving me this dialog box.

I am using the internet explorer versino 6.0.2800.1106

It would be great if the experts there could give me any idea why this is
happening. Again, I do not want the client to make modifications to the
options in their internet explorer to get rid of this dialog box.

Thanks in advance

Pradeep_tp


Nov 19 '05 #3
And what if you check the IIS log server side for non HTTPS GETs ?

--
Patrice

"pradeep_TP" <pr*******@discussions.microsoft.com> a écrit dans le message
de news:69**********************************@microsof t.com...
Hi justin,

I have checked the source tag of all the images but did not find any src
attribute pointing to any unsecured URL. "src" attribute is pointing to the images folder on the same server with "https" protocol. for example all the image src attribute has the following format.

https://staging.myserver.com/mywebapp/images/home.gif

It would be great if you could throw more light on it.

cheers!!
pradeeptp

"S. Justin Gengo" wrote:
Pradeep,

The most common cause of this and what is meant by "mixed content" is images that are being linked to via a non-secure address but being displayed on a secure page (or any other display item being linked to for that matter). If you are connecting to any page of your web site via an https link then that page's images src tag should either use use relative links
src="/images/myimage.jpg" so that the full link will be built out via https or it should contain the full link
src="https://www.mywebsite.com/images/myimage.jpg".

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"pradeep_TP" <pr*******@discussions.microsoft.com> wrote in message
news:61**********************************@microsof t.com...
I am facing a strange problem with my web site. Afer reinstalling the web application on the web server, I am getting a dialog box for each page. The
dialog box has the following information.

"This page contains both secure and nonsecure items. Do you want to
display
the nonsecure items."

It was not happening before. I have searched in internet for removing the dialog box. This is the solution that I got

1) Go to Internet options
2) Click on security Tab
3) Click Custom Level Button
4) Scroll to Miscellaneous Section
5) click on "Disable" radio button for the group Display mixed Content.
AFter doing the above, the dialog box is no more displayed. But my web
application will be access by more than 1000 users and it is very weired to
asked them to do the above settings. I am sure it was working perfectly fine
before. I want to understand this problem very well and troubleshoot it. My
page does not contain any harmful components. It is created in ASP.net and C#. Even the most simple page is giving me this dialog box.

I am using the internet explorer versino 6.0.2800.1106

It would be great if the experts there could give me any idea why this is happening. Again, I do not want the client to make modifications to the options in their internet explorer to get rid of this dialog box.

Thanks in advance

Pradeep_tp


Nov 19 '05 #4
hi patrice,

You have given me an interesting clue. So you mean to say that, IIS creates
log for these security warnings. Can you please tell me how can i check IIS
log.

Thanks
pradeep_tp

"Patrice" wrote:
And what if you check the IIS log server side for non HTTPS GETs ?

--
Patrice

"pradeep_TP" <pr*******@discussions.microsoft.com> a écrit dans le message
de news:69**********************************@microsof t.com...
Hi justin,

I have checked the source tag of all the images but did not find any src
attribute pointing to any unsecured URL. "src" attribute is pointing to

the
images folder on the same server with "https" protocol. for example all

the
image src attribute has the following format.

https://staging.myserver.com/mywebapp/images/home.gif

It would be great if you could throw more light on it.

cheers!!
pradeeptp

"S. Justin Gengo" wrote:
Pradeep,

The most common cause of this and what is meant by "mixed content" is images that are being linked to via a non-secure address but being displayed on a secure page (or any other display item being linked to for that matter). If you are connecting to any page of your web site via an https link then that page's images src tag should either use use relative links
src="/images/myimage.jpg" so that the full link will be built out via https or it should contain the full link
src="https://www.mywebsite.com/images/myimage.jpg".

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"pradeep_TP" <pr*******@discussions.microsoft.com> wrote in message
news:61**********************************@microsof t.com...
>I am facing a strange problem with my web site. Afer reinstalling the web > application on the web server, I am getting a dialog box for each page. > The
> dialog box has the following information.
>
> "This page contains both secure and nonsecure items. Do you want to
> display
> the nonsecure items."
>
> It was not happening before. I have searched in internet for removing the > dialog box. This is the solution that I got
>
> 1) Go to Internet options
> 2) Click on security Tab
> 3) Click Custom Level Button
> 4) Scroll to Miscellaneous Section
> 5) click on "Disable" radio button for the group Display mixed Content. >
> AFter doing the above, the dialog box is no more displayed. But my web
> application will be access by more than 1000 users and it is very weired > to
> asked them to do the above settings. I am sure it was working perfectly > fine
> before. I want to understand this problem very well and troubleshoot it. > My
> page does not contain any harmful components. It is created in ASP.net and > C#. Even the most simple page is giving me this dialog box.
>
> I am using the internet explorer versino 6.0.2800.1106
>
> It would be great if the experts there could give me any idea why this is > happening. Again, I do not want the client to make modifications to the > options in their internet explorer to get rid of this dialog box.
>
> Thanks in advance
>
> Pradeep_tp
>
>


Nov 19 '05 #5
Pradeep,

Patrice is steering you in the correct direction. If you images aren't the
cause of the problem then some other link/object is. And the logs are the
quickest way to find them. IIS automatically logs all requests to the
server. How your server is set up will make a difference on where those logs
may be stored. Do you have full access to your server or are you using a
hosting company?

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"pradeep_TP" <pr*******@discussions.microsoft.com> wrote in message
news:AF**********************************@microsof t.com...
hi patrice,

You have given me an interesting clue. So you mean to say that, IIS
creates
log for these security warnings. Can you please tell me how can i check
IIS
log.

Thanks
pradeep_tp

"Patrice" wrote:
And what if you check the IIS log server side for non HTTPS GETs ?

--
Patrice

"pradeep_TP" <pr*******@discussions.microsoft.com> a écrit dans le
message
de news:69**********************************@microsof t.com...
> Hi justin,
>
> I have checked the source tag of all the images but did not find any
> src
> attribute pointing to any unsecured URL. "src" attribute is pointing to

the
> images folder on the same server with "https" protocol. for example
> all

the
> image src attribute has the following format.
>
> https://staging.myserver.com/mywebapp/images/home.gif
>
> It would be great if you could throw more light on it.
>
> cheers!!
> pradeeptp
>
> "S. Justin Gengo" wrote:
>
> > Pradeep,
> >
> > The most common cause of this and what is meant by "mixed content" is

images
> > that are being linked to via a non-secure address but being displayed
> > on

a
> > secure page (or any other display item being linked to for that
> > matter).

If
> > you are connecting to any page of your web site via an https link
> > then

that
> > page's images src tag should either use use relative links
> > src="/images/myimage.jpg" so that the full link will be built out via

https
> > or it should contain the full link
> > src="https://www.mywebsite.com/images/myimage.jpg".
> >
> > --
> > Sincerely,
> >
> > S. Justin Gengo, MCP
> > Web Developer / Programmer
> >
> > www.aboutfortunate.com
> >
> > "Out of chaos comes order."
> > Nietzsche
> > "pradeep_TP" <pr*******@discussions.microsoft.com> wrote in message
> > news:61**********************************@microsof t.com...
> > >I am facing a strange problem with my web site. Afer reinstalling
> > >the

web
> > > application on the web server, I am getting a dialog box for each

page.
> > > The
> > > dialog box has the following information.
> > >
> > > "This page contains both secure and nonsecure items. Do you want to
> > > display
> > > the nonsecure items."
> > >
> > > It was not happening before. I have searched in internet for
> > > removing

the
> > > dialog box. This is the solution that I got
> > >
> > > 1) Go to Internet options
> > > 2) Click on security Tab
> > > 3) Click Custom Level Button
> > > 4) Scroll to Miscellaneous Section
> > > 5) click on "Disable" radio button for the group Display mixed

Content.
> > >
> > > AFter doing the above, the dialog box is no more displayed. But my
> > > web
> > > application will be access by more than 1000 users and it is very

weired
> > > to
> > > asked them to do the above settings. I am sure it was working

perfectly
> > > fine
> > > before. I want to understand this problem very well and
> > > troubleshoot

it.
> > > My
> > > page does not contain any harmful components. It is created in
> > > ASP.net

and
> > > C#. Even the most simple page is giving me this dialog box.
> > >
> > > I am using the internet explorer versino 6.0.2800.1106
> > >
> > > It would be great if the experts there could give me any idea why
> > > this

is
> > > happening. Again, I do not want the client to make modifications to

the
> > > options in their internet explorer to get rid of this dialog box.
> > >
> > > Thanks in advance
> > >
> > > Pradeep_tp
> > >
> > >
> >
> >
> >


Nov 19 '05 #6
No it doesn't record this directly. Basically it records all HTTP(S)
requests sent to the server. You have a log for each website under
system32\logfiles. See
http://support.microsoft.com/default...300390&sd=tech for
details...

In the log, the "port" column should be 80 for HTTP and 443 for HTTPS. It
will allow easily to see which resources are accessed using HTTP instead of
HTTPS as it seems you can't find them from the HTML markup (or double check
the CSS files, or possible IFRAMEs).

---
Patrice

"pradeep_TP" <pr*******@discussions.microsoft.com> a écrit dans le message
de news:AF**********************************@microsof t.com...
hi patrice,

You have given me an interesting clue. So you mean to say that, IIS creates log for these security warnings. Can you please tell me how can i check IIS log.

Thanks
pradeep_tp

"Patrice" wrote:
And what if you check the IIS log server side for non HTTPS GETs ?

--
Patrice

"pradeep_TP" <pr*******@discussions.microsoft.com> a écrit dans le message de news:69**********************************@microsof t.com...
Hi justin,

I have checked the source tag of all the images but did not find any src attribute pointing to any unsecured URL. "src" attribute is pointing to
the
images folder on the same server with "https" protocol. for example
all the
image src attribute has the following format.

https://staging.myserver.com/mywebapp/images/home.gif

It would be great if you could throw more light on it.

cheers!!
pradeeptp

"S. Justin Gengo" wrote:

> Pradeep,
>
> The most common cause of this and what is meant by "mixed content"
is images
> that are being linked to via a non-secure address but being
displayed on a
> secure page (or any other display item being linked to for that
matter). If
> you are connecting to any page of your web site via an https link
then that
> page's images src tag should either use use relative links
> src="/images/myimage.jpg" so that the full link will be built out
via https
> or it should contain the full link
> src="https://www.mywebsite.com/images/myimage.jpg".
>
> --
> Sincerely,
>
> S. Justin Gengo, MCP
> Web Developer / Programmer
>
> www.aboutfortunate.com
>
> "Out of chaos comes order."
> Nietzsche
> "pradeep_TP" <pr*******@discussions.microsoft.com> wrote in message
> news:61**********************************@microsof t.com...
> >I am facing a strange problem with my web site. Afer reinstalling
the web
> > application on the web server, I am getting a dialog box for each

page.
> > The
> > dialog box has the following information.
> >
> > "This page contains both secure and nonsecure items. Do you want
to > > display
> > the nonsecure items."
> >
> > It was not happening before. I have searched in internet for removing the
> > dialog box. This is the solution that I got
> >
> > 1) Go to Internet options
> > 2) Click on security Tab
> > 3) Click Custom Level Button
> > 4) Scroll to Miscellaneous Section
> > 5) click on "Disable" radio button for the group Display mixed

Content.
> >
> > AFter doing the above, the dialog box is no more displayed. But my
web > > application will be access by more than 1000 users and it is very

weired
> > to
> > asked them to do the above settings. I am sure it was working

perfectly
> > fine
> > before. I want to understand this problem very well and

troubleshoot it.
> > My
> > page does not contain any harmful components. It is created in
ASP.net and
> > C#. Even the most simple page is giving me this dialog box.
> >
> > I am using the internet explorer versino 6.0.2800.1106
> >
> > It would be great if the experts there could give me any idea why
this is
> > happening. Again, I do not want the client to make modifications
to the
> > options in their internet explorer to get rid of this dialog box.
> >
> > Thanks in advance
> >
> > Pradeep_tp
> >
> >
>
>
>


Nov 19 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by yuzie | last post: by
2 posts views Thread by Angel | last post: by
2 posts views Thread by Charles Mifsud | last post: by
4 posts views Thread by NormD | last post: by
3 posts views Thread by SpaceMarine | last post: by
reply views Thread by zhoujie | last post: by
1 post views Thread by Mortomer39 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.