Mixed Content Issue - asp.net

Currently I am working in software Development Company where we have an eLearning System. Product has collection of sites and main page contain 3 iframes which loads different web sites. We are going to enable SSL on the site in order all sites. Currently we put this on hold since we experience Mixed Content Issues because of following reasons.
• Some of the elements in the user’s data which refers http content.
Ex: img, js etc
• Some of the third party web sites which loads in our iframes. (Different content provider)
We thought of developing our own web proxy, but we do have concern about performance as well as expensiveness of this solution. Can anybody tell what are the available solutions for the Mixed Content Issues and available third party web proxy where we can buy?

Apache has mod_proxy built in. It's free, and works nicely. Nginx (also free and very good) has proxy_pass.
Please don't write your own proxy. There is no need to.
Here is someone who has done exactly what you are trying to do.

Related

How do i scale my solution to multiple domains on single web application

Im a little lost here. Im starting on a project for a customer who wants a SaaS solution as a small portal.
The idea is that i make a web solution e.g. an online business card, where each customer should have their own domain like this:
www.carpenter.com
www.painter.com
www.masonry.com
Etc. each of these domains should point to my web application and each have their own administration web site and the online business card. This means that if I go to: www.carpenter.com I should see the companys online business card. And at the url: www.carpenter.com/admin the carpenter company should be able to log in and edit its information.
I hope this makes sense.
What Im looking at is how this is done in practice, I would like to have a central database and a central place to update my software (maybe one per country). What do i need to do to point a www.carpenter.com domain/url to its own specific area in my web app. And how do I need to structure my web application to do this?
Im using ASP.NET MVC for this, but this should be a general question regardless of language - or?
Im considering using a cloud service such as Azure, is this possible with this setup? Or do i need a virtual hosted server i own myself?
I guess the main question is "how do I host multiple domains on the same software" - and keep the display of the "business card" and admin separated from each customer?
Not sure if this specifically answers your question, and my experience thus far has not been with ASP, but I think the general idea is that you determine the execution environment for your web app early in the bootstrap process, and then set constants and configuration options at that point. Then, you can use those values throughout your application to customise the response based on which site you're working with (i.e. carpetner, masonry, etc.). And, since the only piece of differentiating information you have during the bootstrap process is the domain name and URL of the site being requested, I think the generally accepted method is to switch on the domain name. So, you can store different configs for the different sites based on their domain names, and then load those configs during the bootstrap process. For example, if you had a different site template for your carpentry site and your masonry site, you could store the path to your templates as one of the configuration options. HTH

Multiple applications under single domain, in corresponding folders

This is a bit unusual, but somewhat reasonable. I have a domain say mycompany.com and a sub domain demos.mycompany.com and I want to host some demo applications under this sub domain.
So I created a website in IIS (7.5) say demos.mycompany, and added 2 applications to it named demo1 and demo2 which contains a different website application, and they can be accessed via demos.mycompany/demo1 and demos.mycompany/demo2. The root website (demos.mycompany.com) loads correctly and works fine. But the problem is for demo1 which is an asp.net web api project. The problem occurs when a request to web services is made, for example demos.mycompany/api/Account/UserInfo is not found because the project base URL is changed to demos.mycompany/demo1 and therefore the mentioned web service is available at demos.mycompany/demo1/api/Account/UserInfo.
I don't know if there will be other problems with this approach. This was just the one big problem that I found, There may be other shortcomings to this.
Are there any suggestions to solve this problem?
Is there any other issues to consider before going on with this approach?

Product integrated with CQ5 to check the content standard?

we currently use Active Standard (a website quality testing service that checks pages for spelling, grammar, broken links, poor HTML code, etc). I want to understand how they could use this going forward with our new CQ5 site so that content is checked before it goes live. Since Active Standards is a ‘service’ it currently only checks the live site as that is all it can access.
Do we know if there is a content quality testing tool that could integrate into the CQ5 authoring environment?
Challenges:
How would a service like Active Standards be able to access the
authoring environment which sits behind a firewall on client's
network?
Is there a product which integrates with CQ5 that can be run at the
point the author is creating content?
I don't know Active Standard but from your description I understand it's a service that accesses a public website via HTTP to check its content.
If that's correct and there's no way to provide it with credentials so that it could access a secured stating version of your website, the only way that I see is exposing the staging content that you want to check on a public URL like staging.mysite.com, maybe adding disclaimers, robots.txt and removing CSS etc. so that people don't mistake it for the actual site. That staging website can then get content from the CQ author in a restricted way, using CQ access control and read-only users for example. But that won't work if you want to keep your staged content secret.
At the CQ level, the observation/notification and workflow mechanisms can be used to process content as soon as it's created, but to use this you need to be able to submit the content to the checking service yourself using HTTP or other clients, instead of having it crawl your staging content by itself.

Web and Mobile Web: Subdomains or External CSS for propert layout?

I am designing an app that I want to run on both web and mobile web browsers. Obviously I need different layouts and views for both seeing that they have drastically-different size constraints for the UIs. I will obviously also need some kind of browser detection to figure out whether or not the request is coming from a web or mobile web client.
I have seen this solution implement is 2 ways:
Route HTTP requests differently depending on whether the detected client is web (send to www.example.com) or mobile web (send to m.example.com); or
Return different CSS sheets depending on whether the detected client is web (app-styles-web.css) or mobile web (app-styles-mobile.css)
My question: what are the pros/cons to each strategy and why? Subdomains seem like a bit unnecessary, seeing that you're going to have to have 2 different CSS sheets anyways, but perhaps they are becoming a "best practice" because they separate concerns? Thanks in advance!
A lot of the larger vendors tend to use a sub-domain because it allows the end client browser to be sure that they are redirecting to the correct version of the site. Consider today's dot-com giants - Facebook, Twitter, Yahoo, they all have their own compact mobile based sub-domains.
Consider the case that I use my smartphone to view a website - www.example.com. There's some code that detects my user-agent and redirects me to its mobile web equivalent sub-domain m.example.com. Tomorrow, I view the same website on a bespoke browser on another hand-set. This browser conceals the meta-data so that the user agent received at the code is not that of a smartphone. It'll now load the web-based version of the same website risking the fact that web-pages/CSS/JavaScript will render incorrectly. Fortunately, I know that there's a mobile web sub-domain of the same site so I'll hit my address bar to point to the correct sub-domain.
Finally, there are strong SEO implications, a sub-domain is treated as a completely different website so you may put yourself at a disadvantage if you'd just load a different view.
Few months back I too faced a similar conundrum. But I evaluated and thought of on all the above points that I mentioned and today I ended up having lots of happy customers :-)
If you'd like to play it safe, use the sub-domain approach.

How can I get two SSL certs to work on a two domain, shared IP configuration

I have two web site that are 99% similar. They share all of the same pages except the difference being that the logos change, a few of the links change, and the products that show up on either web site are flagged to show up on either or, or both. They use the same database.
I have written a utility method that essentially injects a where clause into any database access code I write throughout the app to determine which products to display depending on the current URL.
Problem: Website B gives the user a warning message that the site they are trying to go to is in fact Website A. I've read that the SSL cert needs a distinct IP.
Right now how I have everything set up is very clean on a maintenance perspective. I can update files in one place. Any suggestions on how to make the SSL behave, or am I looking at seperate IP's for the hosting(I really don't want to have to do this)?
If the latter, what do you suggest?
Site runs ASP.NET 4.0. Precompiled DLL.
UPDATE: Thanks to #GregS comment
If the sites share the same domain you can use a wildcard certificate
site1 - site1.somedomain.com
site2 - site2.somedomain.com
Otherwise you will need to get a UCC (United communications certificate) that will be for both domains.
You will need to configure IIS 7 from the command line because the GUI doesn't support setting different host headers for the same certificate. This tutorial shows how it can be done.
I setup another website in IIS that points to the same files as the first web site, got another SSL cert for the new site.

Resources