How to remove HTTPS to HTTP Security Alert message in .Net - asp.net

How to disable or block that Security Alert so that when any user access my Secured Page he
will not get Security Alert Dialog. Any help will be appreciated and thank
you in advance.
Thanks
Narendra Singh

To my knowledge, the security of a page is recognized at the browser level, and it is the browser that raises the security alert. Is it true that you are doing a redirect in your .NET code from an https page to an http page? If so, the cause is that the browser has detected a transfer from a secure page to an unsecured page without the user's consent, which causes a warning.
I'm unsure of your situation, but one way to get around this is to have the user click an html link that goes to an http page. The reason this will work, is that the browser recognizes this as the user's choice, and not a behind the scenes redirect.

Related

Wordpress - 401 Authorization Required

I recently renewed my domain name after it expired. However, when I try to view my website, a login box popups.
This is new. I tried putting in my wordpress admin username and password all to no avail. Infact I get a '401 Authorization Required' error.
I have been at this for some days now. I contacted my hosting provider. They said they could view my website and that everything is fine. They however instructed me to clear my browser cache and cookies, which I have done. Still, the problem persist.
I tried viewing the site with an IP proxy site and truly I could see my website without any errors or login pop up box.
How do I solve this problem?
A 401 request usually means that your client (e.g. your web browser) is not able to authenticate itself with the server therfore cannot view the resource.
You have cleared your cache and cookies and you're prompted by a login
box, following this a 401 error appears. The site is viewable from
proxy.
Things to check,
Flush your DNS
Are the login details correct? its possible to get this error from incorrect logins
Check the URL for errors, make sure you're using the intended url
Try deactivating your wordpress plugins if problems still persist
Any further information you can provide, including images would help a lot.

Logic for Cookie and Javascript disable in browser in Spring controller

I have created custom login form using SpringFramework3.2 and Springsecurity3.2. If in browser cookie and javascript is disable then I will redirect it to another page showing custome message. But require logic for cookie and javascript disable in Spring controller. Can anybody tell that logic. Will appreciate your help.
your site should work without requiring javascript or cookies. Google will likely not index your site and you will get fewer visitors. Some people disable javascript or cookies, and they won't be your customers either.
To detect whether javascript is enabled from your server see How to detect if JavaScript is disabled?
To detect whether cookies are enabled from your server see How to detect server-side whether cookies are disabled

submit form and include authorization headers

I have a server that use Basic authorization scheme, when user tries to access restricted content, the browser will pop-up a login/pass dialog which I saw will further transmit authorization type header to server.
I want to implement a classic (pure html) page with login/pass edit boxes and a send button but keep intact the auth scheme on server (is some embedded very limited server, without php, etc.), so the form must send that headers too.
Is it possible? Or did I missed something in my understanding so far?
Thanks very much in advance,

Validate Cross website request - Asp.Net

I have scenario where My webpage is requested by another website. That website will have Hyperlink to my webpage.
I Need to check whether request is coming from valid website or not. I have done this by checking URL Referer of that website, and working fine.
Another way to validate this request is to validate client certificate(x.509).
I want to know which is the best/secure way to validate referer website? Is there any other way to validate referer site excepting url referer and certificate validation?
Thanks
Fenil
The client certificate would identify the person clicking on the link, but not the referring page, so it should be ruled out.
As for the referrer, it does work, but with a couple of caveats:
1 - it's not secure (for big values of "secure"). The http_referrer is an optional field that the browser inserts in the request for your site. So it's controlled at the client's side and can be easily forged. So, if the level of security you want is "make sure that somebody has not posted my link on another page, where unaware users may click on it" then you're quite fine with checking the referrer. If you're relying on this for anything more (like making sure the incoming person is authorized to do something on your site) then you probably want a form of user authentication
2- some software that may be installed on your users' computers (like "Norton Internet Security") masks the http_referrer out of privacy concerns, so some of your users may not have a http_referrer.

Looking for HTTP Authentication website examples

I am looking for a website that requires HTTP authentication, so I can observe the behaviour of typical HTTP authentication dialog boxes. The reason I am looking into this, is that for some reason, on Firefox 3, our Flex app seems to open another HTTP authentication dialog box again, after cancel is clicked. It only seems to happen in Firefox 3. I want to find out if this is just a Firefox 3 issue, the nature of HTTP authentication, or something is wrong with our Flex app.
EDIT: I should clarify some more details. The problem with our flex app, is that when the authentication dialog box appears, the user clicks cancel. Then attempts to enter the page again, causing the authentication dialog box to appear again. However, if they type the correct password, the same dialog will reappear.
Thanks,
Jason
This website offers an example of HTTP authentication: http://www.httpwatch.com/httpgallery/authentication/
Firefox doesn't seem to realize that when you enter a username and password for a site it should attempt that authentication on all subsequent frames before asking you to log in again.
I'm not sure why this is, it seems like a bug to me but perhaps there is good reason for it.
One way to get around it is to begin your site on a page without frames, once HTTP authentication is finished redirect them to the framed page.

Resources