Page Contains Both Secure And Non Secure Items
Sep 17, 2010
I'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
View 3 Replies
Similar Messages:
Oct 25, 2010
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 Replies
Oct 24, 2010
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
View 3 Replies
May 28, 2010
I am developing a web application in which the clients wants to send a pdf copy of aa Authenticated Page to users and as well as to the administrator..
As I google about this problem but didnt find any solution.
Because in all cases I have to pass the url of the secure page to the function...and in runtime when function make a webrequest to the page it will always generate the PDFof the login page.
So is there any way to generate the PDF of a secure page in C# ASP.Net
View 1 Replies
Jul 13, 2010
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
View 1 Replies
Aug 10, 2010
I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
View 1 Replies
Jan 18, 2010
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 Replies
Aug 13, 2010
i have a single page that needs to be secure (https) , my problem is i dont know how to do it. Can you give me walkthrough on how to do this?
View 1 Replies
May 24, 2010
As I'm working on a project for a customer (and catching up to speed on the asp.net web development since I last embarked on it), I have a particular request that I want to make sure is not going to cause undesirable effects.
The customer is putting a URL on a printed sheet. He wants it to be [URL]. He doesn't want to add http:// or https:// because he wants to make it as short and pain free to type in as possible. Very reasonable goal.
The key is, I need to make sure that whatever they type in, they get to the secure page of the site (so [URL] would need to become [URL]
I know that I can write an HttpHandler to look and see if it's an https request, and if not, redirect them to the secure version. However, are there any pitfalls with this approach that I need to be aware of. Will some browsers pop up any nasty dialogs or such?
View 4 Replies
Jun 1, 2010
I'm wondering if theres already a combo let say jQuery - Some C# DLL to proive a secure both way communication between ASPX forms with jQuery and a control layer based on ashx files with C# classes...[From comment below]Well I see I have to be more specific. The are things like sniffers on simple network analysis tools even like Firebug that let you see the data transfered via POST or GET. The idea to secure a Server Client application is to ensure that data isn't corrupt and compromised, and to achive that you have to make imposible to an atacker to report false info so the best is to have improved some cryptographyc algorithms both on client and server to crypt decrypt encode decode data...
View 2 Replies
Jan 6, 2011
What is the best way to pass and 2 IDs from one page to another, in a very secure way?
View 6 Replies
Jan 24, 2010
i have asp.net 2.0 web site and in the main root i have some secure pages so if any unauthenticated user try to visit my page the browser redirect him to login.asp page (it was correct) but in my web i have subfolder named (Admin) and i want to secure all pages under this folder and redirect any user to new login page. how can i do it?
View 7 Replies
Feb 9, 2011
I would like to create a secure login page for a pre-defined set of users (so no creating username/passwords by the users themselves). I've looked up a few sites and they all seem to using Microsoft's Membership or something. I am not very sure as to why that's used, but all you need to know is that I will be creating the login details. I just need to make the login secure, ie, no duplicate logins, no logins from different browsers and cookies and sessions and encryption and all that.
View 2 Replies
Apr 4, 2011
I would like to create a secure login page for a pre-defined set of users (so no creating username/passwords by the users themselves). I've looked up a few sites and they all seem to suggest using Microsoft's Membership or something. I am not very sure as to why that's used, but all you need to know is that I will be creating the login details. I just need to make the login secure, ie, no duplicate logins, no logins from different browsers and cookies and sessions and encryption and all that. Any one have the code/links to where I can get all this?
View 1 Replies
Nov 9, 2010
I'm using paypal to make payments for an online digital download purchase. Once the payment is accepted the person is redirected to a page where they can download the product. I need to know how do I make a page that can only be accessed once via redirect.
View 1 Replies
May 28, 2010
How can I force page to use secure connection "https". Client might call the page using insecure connection. I want the page to to check connection, if insecure connection "http" is being used, reload the page with secure "https" connection
View 8 Replies
Feb 21, 2011
I have to do a web form that once the user has completed successfully and click the "I Agree" box and submit the form that redirects to the page where you can download some files. These visitors are not "users" in the sense of Drupal (no username / password, log back, etc), so I do not think the profile is actually the correct method vs Webform but should only be able to access to this page through redirection Webform.
View 2 Replies
Jul 9, 2010
I am building an application(asp.net) with online payment so i want to make these payment page SSL enable.
View 1 Replies
Jan 25, 2010
I have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out but if I hit the back button on my browser the it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (inserting a row into my database). Then I can use the back button again and do it all over. If I use the back button after logging out and hit the browser refresh it does show I'm logged out and refuses me access to the secure page. Am I missing something important? It seems like it could be a really big security issue.
public ActionResult LogOff(string ReturnUrl)
{
FormsAuth.SignOut();
if (!String.IsNullOrEmpty(ReturnUrl))
{
return Redirect(ReturnUrl);
}
else
{
return RedirectToAction("Index", "Page");
}
}
View 3 Replies
Apr 15, 2010
I am a rookie when it comes to SSL and I need to secure a page that requires credit card processing. What steps are involved in tackling this? Is it a seamless intregration point once the cert is setup on the server?
View 2 Replies
Dec 31, 2010
How to make a secure login page using sql database by matching a user name and password and redirect them to differnt page as admin and user
View 2 Replies
Sep 1, 2010
1)How to make Default.aspx page a Secure socket layer page?
2)How much code does this take?
3 Is it easy ? i have no idea how this works
View 3 Replies
Apr 8, 2010
I'm trying to add some share this javascript in between the head tags of an asp.net page but only if the page is not secure (!Request.IsSecureConnection). How do I get the code in the head tags to check for secure connection and then write the javascript if not secure. I've tried using <% %> blocks and RegisterStartupScriptBlock and it's not working UPDATE: Was able to get it to work using this in the Page_Load
if(!Request.IsSecureConnection)
{
HtmlGenericControl Include = new HtmlGenericControl("script");
Include.Attributes.Add("type", "text/javascript");
Include.Attributes.Add("src", "http....");
this.Page.Header.Controls.Add(Include);
}
View 2 Replies
Feb 9, 2011
why this no-secure message comes on my site's homepage in Internet Explorer
Following is message:"The web page contains content that can not be delivered using secure HTTPS connection"
message box comes with yes/no option.
View 1 Replies
Jan 13, 2010
I want to post my login form to a secure url.
I figured the best way to do this would be bust open the HTML helpers for BeginForm with reflector and create my own extension method called BeginSecureForm. The problem I ran into was that it uses internal method UrlHelper.GenerateUrl and and the private method HtmlHelper.FormHelper.
Apart from hard coding URLs into a form what is the best way to generate forms that post to a secure url and then have that action redirect to a non secure action after login?
View 8 Replies
