SSL

[Curia Damiano]

I have an app in C#/ASP.NET 1.1 on a Win2003 server.
Now I'm trying to make it use SSL, so I requested and installed a server
certificate to IIS.
But now I have some questions:
1) if I force my web-site to use SSL, and I request a page via SSL, in IE a
warning appears telling that the page contains protected object and non
protected object, but how is it possible, if I force https? How can I make
this warning disappear?
2) I would like to force https to all my objects; for example I'd like
images, css, javascript and plain htm to be trasmitted not crypted. So I
thought of using an HttpHandler that redirect http calls of aspx/asmx to
https and https calls to other object to http. Is it possible? Or there is a
better solution to this optimization?
Thanks, Damiano Curia

 

[Hernan de Lahitte]

It seems that 1 and 2 are likely to be opposite.
Perhaps this article might be of some help.

http://www.codeproject.com/aspnet/WebPageSecurity.asp

 

[Guest]

1) Yes and I've discovered why. I make a link to download
the flash player in http; if I make it in https the
warning disappear
2) But what I'd like is in fact the second solution. So
your link is very useful to me, I'll modify it to work on
by file extension rather than by file name.
Thanks a lot for your help!
Bye, Damiano