Finding nonsecure items in secure page

M

marc.gibian

I am modifying an existing ASP.NET application to make it SSL
compatible. I have already searched the codebase and eliminated all
hardcoded "http" instances, replacing them with a method call that
returns the appropriate ("http" or "https") value in a given context. I
have also modified all iframe instances to ensure they always have a
valid src. But, when I run the application, I still encounter the
following Security dialog in IE:

Security Information

This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?

(Yes) (No) (More Info)

My problem is that I can't figure out what is causing IE to report this
problem. Changing the settings in IE, while a popular solution in the
ie groups, is not a solution. I need to fix the underlying problem in
the application to provide users an acceptable user experience.

I tried using Fiddler to capture the non-SSL traffic from the browser
to IIS, but it would appear there is no traffic associated with the
warning, at least not traffic that Fiddler would intercept.

Unfortunately, because of the characteristics of the specific window
encountering the problem, I can not display the page's source (the
right click IE menu is being surpressed).

Anyone have any ideas?

IS there something other than a reference through an explicit "http:"
or an iframe without a non-null src specified that cause this dialog to
be displayed?

Hasn't someone built a plugin for IIS that would allow for monitoring
SSL traffic? Or, something to act as IE? (unfortunately, this is a very
IE dependent application, so I can't experiment with alternate browsers
unless they are fully IE compatible).

Thank you in advance for your help,
Marc
 
C

Curt_C [MVP]

I am modifying an existing ASP.NET application to make it SSL
compatible. I have already searched the codebase and eliminated all
hardcoded "http" instances, replacing them with a method call that
returns the appropriate ("http" or "https") value in a given context. I
have also modified all iframe instances to ensure they always have a
valid src. But, when I run the application, I still encounter the
following Security dialog in IE:

Security Information

This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?

(Yes) (No) (More Info)

My problem is that I can't figure out what is causing IE to report this
problem. Changing the settings in IE, while a popular solution in the
ie groups, is not a solution. I need to fix the underlying problem in
the application to provide users an acceptable user experience.

I tried using Fiddler to capture the non-SSL traffic from the browser
to IIS, but it would appear there is no traffic associated with the
warning, at least not traffic that Fiddler would intercept.

Unfortunately, because of the characteristics of the specific window
encountering the problem, I can not display the page's source (the
right click IE menu is being surpressed).

Anyone have any ideas?

IS there something other than a reference through an explicit "http:"
or an iframe without a non-null src specified that cause this dialog to
be displayed?

Hasn't someone built a plugin for IIS that would allow for monitoring
SSL traffic? Or, something to act as IE? (unfortunately, this is a very
IE dependent application, so I can't experiment with alternate browsers
unless they are fully IE compatible).

Thank you in advance for your help,
Marc
SRC links (IMG, META, SCRIPT, etc) being fully qualified to non ssl
site, pathed to outside the site, etc.
 
M

marc

Are you saying that Intellisense meta tags can cause these error
dialogs? I thought they were only evaluated at design time and wouldn't
impact production operation?

If Intellisense URLs do impact the Secure content warning, can they be
specified with SSL, i.e. https:, paths?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,995
Messages
2,570,228
Members
46,818
Latest member
SapanaCarpetStudio

Latest Threads

Top