ASP.NET & SSL

Discussion in 'ASP .Net Security' started by Curia Damiano, Feb 6, 2004.

  1. I have an app in C#/ASP.NET 1.1 on a Win2003 server.
    Now I'm trying to make it use SSL, so I requested and
    installed a server certificate to IIS.
    But now I have some questions:
    1) if I force my web-site to use SSL, and I request a page
    via SSL, in IE a warning appears telling that the page
    contains protected object and non protected object, but
    how is it possible, if I force https? How can I make this
    warning disappear?
    2) I would like to force https to all my objects; for
    example I'd like images, css, javascript and plain htm to
    be trasmitted not crypted. So I thought of using an
    HttpHandler that redirect http calls of aspx/asmx to https
    and https calls to other object to http. Is it possible?
    Or there is a better solution to this optimization?
    Thanks, Damiano Curia
    Curia Damiano, Feb 6, 2004
    #1
    1. Advertising

  2. Curia Damiano

    Ken Schaefer Guest

    Hi,

    To avoid the warning you need to either:
    a) change the browser settings (not possible if you do not control the
    browser)
    -or-
    b) all resources in a webpage (eg images, CSS, external javascript files,
    flash files) need to be referenced using HTTPS not HTTP. So if you have:

    <img src="http://www.myserver.com/image.jpg">

    you will get an error you see. You need to use:

    <img src="/image.jpg">

    Cheers
    Ken

    "Curia Damiano" <> wrote in message
    news:bbcb01c3ec99$9572b560$...
    : I have an app in C#/ASP.NET 1.1 on a Win2003 server.
    : Now I'm trying to make it use SSL, so I requested and
    : installed a server certificate to IIS.
    : But now I have some questions:
    : 1) if I force my web-site to use SSL, and I request a page
    : via SSL, in IE a warning appears telling that the page
    : contains protected object and non protected object, but
    : how is it possible, if I force https? How can I make this
    : warning disappear?
    : 2) I would like to force https to all my objects; for
    : example I'd like images, css, javascript and plain htm to
    : be trasmitted not crypted. So I thought of using an
    : HttpHandler that redirect http calls of aspx/asmx to https
    : and https calls to other object to http. Is it possible?
    : Or there is a better solution to this optimization?
    : Thanks, Damiano Curia
    Ken Schaefer, Feb 11, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. 620
    Replies:
    2
    Views:
    998
    Murat Tunaboylu
    Jan 6, 2004
  2. CW
    Replies:
    2
    Views:
    514
  3. Sean Wolfe
    Replies:
    1
    Views:
    2,249
    Joerg Jooss
    Apr 28, 2005
  4. emukang
    Replies:
    0
    Views:
    2,864
    emukang
    Dec 20, 2005
  5. Nathan Crosby

    ASP.net SSL w/ an SSL Accelerator

    Nathan Crosby, Jul 25, 2006, in forum: ASP .Net Security
    Replies:
    2
    Views:
    194
    Nathan Crosby
    Aug 18, 2006
Loading...

Share This Page