How can I Ensure That Secure Content Is Served Over HTTPS Only (IIS 6.0)? when the certificate is installed. In other words how can I direct all the http request to https. For example when some type http://localhost it redirects to https://localhost.
View 2 RepliesIs there a way to know beforehand if a given page will be served in HTTPS. To be clear I don't want to know if thecurrent page is using HTTPS or not.
View 3 RepliesI have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 RepliesI am creating a website in Visual Studio 2010 for ASP.NET 4.0 written in C#.
I have a Global.asax file with a method to force specific pages or directories to use https. Then in the web.config file, I define which pages and directories should use https.
The problem I am running into is content not coming over as https even though the URL is https, so IE gives a security warning. We do have a valid cert on the domain. The security warning pop up says, "Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage." If users choose Yes, then parts of the applications do not work.
Is there a way that I can force the content (images, JavaScript files included in the page, etc) to come over as https? All the files are on the web server, so I am not trying to include outside resources (like not displaying a video or image from another site, it is all on my site's web server). I want to avoid absolute URLs in my code because some of the applications are complex and I cannot find all the places where resources are being called.
I am creating a website with password-protected pages in it.
I have two type of customer: 1. Free 2. Paid
For paid customers, pages would be rendered over HTTPS whereas for free customer, pages will be rendered over HTTP. However, pages for both types of users would be same (while populating specific information for each user.)
note, the URL for the two users should be same except HTTP/HTTPS part.
I am new to HTTPS and want to know how to achieve this.
I am wondering how to implement it?
I have a bunch of internet devices which communicate with my MVC app on IIS 7.5. I'm currently using the built-in dynamic transparent compression (gzip/deflate).
I'd like to be able to support a different compression algorithm, which does a lot better than gzip (7zip) for the content I'm sending/receiving.
In other words, on the client I will add the header: accepts: gzip, deflate, 7zip (or similar), and the server will recognize this, and apply the best choice when sending the content.
What's the best way to go about hooking this all together? (I know how to implement the actual 7zip encode/decode aspect)
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 RepliesI am trying to use an XML as a datasource in ASP and then display it as a datagrid. The XML has the following format:
<?xml version="1.0" encoding="UTF-8"?>
<people type="array">
<person>[code]....
When I try to run the simple page I receive the following error
Server Error in '/' Application.the data source for GridView with id 'GridView1' did not have any properties or attributes from which to generate columns. Ensure that your data source has content.
Here is my page code
<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Default.aspx.vb" Inherits="shout._Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[code]....
I am developing a web application that I want to ensure is properly licensed each time they log into it. This application can either be hosted by my company or hosted at my client's site. I wanted to do this verification via a web service hosted on my company's server, but the problem is if the client's outside internet connectivity is down I still want them to be able to run the application and have it verify when it's back up and running again.How would you propose I do this?
View 2 RepliesHas anyone had issues with streaming CSV (or TXT) content to the browser over SSL/HTTPS.
There are no issues when running my code in Firefox - i've found a bunch of issues, all seem to be solved for people using PHP.
this.Response.ClearContent();
this.Response.ClearHeaders();
this.Response.Buffer = true;
...
this.Response.AddHeader("","") // headers
this.Response.Write("TXT STRING GOES HERE");
this.Response.Flush();
this.Response.End();
I've tried all different headers to remove the no-cache, pragma ...etc.
[code]....
I have hosted asp.net web service on IIS 6.
Client of the service is using the service successfully by HTTP://<hostname>/service.asmx.
I want to allow only HTTPS://<hostname>/service.asmx, i.e. No one can access web service using HTTP://
If I deploy my ASP.NET project to a shared server web hosting, then is there a way to secure my source files so that the provider will not be able to access the source?. For example, the provider of my web hosting may download my files and then he will be able to get access to all my source.
View 9 RepliesI have one asp.net application i need to make my website secure..
View 2 RepliesI have deployed my asp.net application locally in my office server.
View 5 RepliesI am a newbie. First time, I am going to deploy the web application to a host? Few questions, do you know any free asp.net hosting with FTP capability? Secondly, how do I ensure the data-base is secure, so that the hosting site cannot access the database or open without a password?
View 1 Replies[Code]....
i have a above connections string in which i use UserName: taha1_ID2, Password: taha321, and SQL Server DataBase Name:taha1_web2 How can we encrypt it in web.Config
Note: All the above are fake.
I am rather new to asp.net but I have built a couple of apps that do not require users to login. am having some problems moving my secure .net application from my laptop to a production server, however, and I am hoping someone can help me. On my laptop my application's user authentication functions as it should, but when I move my application to a webserver I get an assortment of errors. Forgive me if these questions are a little basic. My first question is this. In a production environment do I move the ASPNETDB.MDF file in the App_Data folder to my SQL server? Is it OK to rename it to something more descriptive?
View 4 Repliesafter installing ssl for a website (by host admin)
all of pages are https now,
I need one http page? it is related to programming or iis?
I am a rookie when it comes to SSL and I need to secure a page that requires credit card processing. What steps are involved in tackling this? Is it a seamless intregration point once the cert is setup on the server?
View 2 RepliesIn IIS7 I don't find any possibility to keep a website from responding to it's IP address as soon there is SSL set up for this website. I did not add the IP address as hostname for this website and so would expect that the site does only respond to it's given hostname(s). Unfortunately the website won't work if requested via it's IP address, so I have to disable IP address as hostname somehow.
Another issue is that IIS 7 does not display the "secure connection obligatory" error page anymore if secure connection is mandatory for a website. Is there any way to get this error page being displayed, just like it was in IIS6 ?
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
I bought a website a few years ago, hosted with WebHost4Life,. Since their migration their has been nothing but problems with my site, however, I am stuck because I don't have the knowledge to move it, have tried with no success. Anyway, recently I have been getting parser error messages, Webhost fixed them, and then it starts over again. It takes them weeks to get around to it and since its my livelihood, I can't afford for the site to be down for 5 days then running for one day. I've tried to contact the guy that built the site to no avail, he won't answer my emails.
why these parser errors keep happening. This is a recent thing from the past 2 months, never had this before. What can I do to stop it. it looks like the knowledge here is unreal, I'm in awe everytime I read your answers. BTW, heres my lastest parser error:
Parser Error Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately. Parser Error Message: Only Content controls are allowed directly in a content page that contains Content controls. Source Error:
[Code]....
I'll try to be short and get right to defining the problem. We have an ASP.NET 2 application (eCommerce package) running on IIS (Windows Server 2003). The main site's page(s) are using plain HTTP (no SSL), but the whole checkout process and the shopping cart page is using SSL (HTTPS). Now, the problem is that the site's header is located in a template file, and inside it it has a plain HTML 'img' tag calling an image with the "http://" portion hard-coded into it... This header appears on absolutely every page (including the https pages), and due to its insecure image tag, a warning box pops up in IE on every stage of the checkout process...
Now, the problem: The live application cannot be touched in any way (no changes can be made to the template (so simply changing "http://" to "//" is not an option), IIS cannot be restarted, and the website/app pool cannot be restarted). Is there any way in the world (maybe plugin for IIS or a setting somewhere) that I can filter the pages right before they are served to replace the '<img src="http://example.com/image.jpg">' with '<img src="//example.com/image.jpg">' in the final HTML? Possibly via a regular expression or something?
I have a website statistics program that creates .htm pages for viewing. Im trying to keep them in their own folder on the root - "Statistics"After reading many posts I have tried many iterations of:
[code]...
Problem is, an .aspx pages in there won't get served with login, but all the .htm pages will.