M
marc.gibian
I am modifying an existing ASP.NET application to make it SSL
compatible. I have already searched the codebase and eliminated all
hardcoded "http" instances, replacing them with a method call that
returns the appropriate ("http" or "https") value in a given context. I
have also modified all iframe instances to ensure they always have a
valid src. But, when I run the application, I still encounter the
following Security dialog in IE:
Security Information
This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?
(Yes) (No) (More Info)
My problem is that I can't figure out what is causing IE to report this
problem. Changing the settings in IE, while a popular solution in the
ie groups, is not a solution. I need to fix the underlying problem in
the application to provide users an acceptable user experience.
I tried using Fiddler to capture the non-SSL traffic from the browser
to IIS, but it would appear there is no traffic associated with the
warning, at least not traffic that Fiddler would intercept.
Unfortunately, because of the characteristics of the specific window
encountering the problem, I can not display the page's source (the
right click IE menu is being surpressed).
Anyone have any ideas?
IS there something other than a reference through an explicit "http:"
or an iframe without a non-null src specified that cause this dialog to
be displayed?
Hasn't someone built a plugin for IIS that would allow for monitoring
SSL traffic? Or, something to act as IE? (unfortunately, this is a very
IE dependent application, so I can't experiment with alternate browsers
unless they are fully IE compatible).
Thank you in advance for your help,
Marc
compatible. I have already searched the codebase and eliminated all
hardcoded "http" instances, replacing them with a method call that
returns the appropriate ("http" or "https") value in a given context. I
have also modified all iframe instances to ensure they always have a
valid src. But, when I run the application, I still encounter the
following Security dialog in IE:
Security Information
This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?
(Yes) (No) (More Info)
My problem is that I can't figure out what is causing IE to report this
problem. Changing the settings in IE, while a popular solution in the
ie groups, is not a solution. I need to fix the underlying problem in
the application to provide users an acceptable user experience.
I tried using Fiddler to capture the non-SSL traffic from the browser
to IIS, but it would appear there is no traffic associated with the
warning, at least not traffic that Fiddler would intercept.
Unfortunately, because of the characteristics of the specific window
encountering the problem, I can not display the page's source (the
right click IE menu is being surpressed).
Anyone have any ideas?
IS there something other than a reference through an explicit "http:"
or an iframe without a non-null src specified that cause this dialog to
be displayed?
Hasn't someone built a plugin for IIS that would allow for monitoring
SSL traffic? Or, something to act as IE? (unfortunately, this is a very
IE dependent application, so I can't experiment with alternate browsers
unless they are fully IE compatible).
Thank you in advance for your help,
Marc