resources on secured web site - asp.net

We have a web site in the domain, let's name: http://website.com. It is necessary to implement same look-and-feel on another web site (https://custom.website.com). As we can see, the 2nd is in the sub-domain of the 1st one, but it is secured (it uses https).
To achieve same look-and-feel same DLLs are used in both web sites. These DLLs contain functionality for menus, JavaScripts, etc). But the 2nd web-site uses images and some css files from the 1st one. For example, in order to display "Logo.png" instead of usual "~/Images/Logo.png" the following path to file is rendered into HTML: "http://website.com/Images/Logo.png"
All stuff was done on the local environment, and work perfect (http://localhost/ referred to http://website.com).
BUT, when web-site was deployed to 'real' (development) environment we got surprise: IE notifies:
webpage contains content that will not be delivered using a secure HTTPS connection
I see option to resolve an issue: we could include images into secured web site and use them locally, but in this case we will need to do redeployment if something changed on the main web site.
Question: is there any workaround, how from secured web site we could use images that are located on the non-secured.
Thanks. Any thoughts are welcome.
P.S. I am using ASP.NET 3.5, web sites are hosted under Windows 2008

You need to host your images, CSS and scripts (more generally, whatever is loaded from the webpage) on your HTTPS site too to avoid mixed-content.

Depending on the level of security and isolation you could set up a shared virtual directory for the two websites that point to the same physical location.
Example, create a directory at C:\inetpub\shared-static and create a virtual directory /static under each website pointing to C:\inetpub\shared-static. From there both websites can refer to the image like ~/static/logo.png as necessary for shared content. When the directory has a new file (or replaced file) placed in it, both websites will refer to the same file.

If you can enable support of https on the main web site, you could use https for the image urls instead of http.
Alternative as others have suggested is to sync images / or used a shared location when serving them.

I see workaround:
on the 2nd web-site implement functionality that will check (once per day or per hour) if own images are the latest and update them when necessary...
That is a some work, but with such solution web site will be easier to support.
If you see a better option, please let me know.
Thanks.

Related

Dependencies that must be done away with for using CDN

I wanted to know that, is there some special requirement for a website to make use of CDN ?
i mean is there some special scheme(or atleast considerations) on which your website must be build right from the start to make use of CDN (Content delivery network).
is there anything that can stop a website from making use of CDN, for example the way it references the content files, static file paths or any other thing conceivable.
Thanks
It depends.
You have two kinds of CDN services:
Services like AWS Cloudfront that require you to upload the files in some special place that they read from (eg. AWS S3) - In this case you need have a step in your build process to correctly upload the files and handle the addresses somehow inside your application
Services like Akamai that just need you to change and tweak your DNS records so they will serve the request to your users instead of you - In this case you would have two domains (image.you.com and image2.you.com) and have the image.you.com pointing to Akamai and image2.you.com pointing to the original source of the file. Whenever a user requested an image in Akamai, they would come to you through the "back door", fetch it and starting serving that file always.
If you use the second approach it's really simple to have a CDN supporting your application.
There are a whole bunch of concerns when dealing with CDN solutions.
The first one is that a CDN can't serve a dynamic page - i.e. a page that is unique to every user. Typically, that includes PHP, ASPX, JSP, RubyOnRails etc. - so if you're hoping to support lots of users for a dynamic site, you have to come up with another solution. Some CDN providers support "Edge Side Includes" - this allows you to glue dynamic pages together with cached content on the CDN, but this creates quite a complex application.
Of course, even on a dynamic application, a CDN can still serve static files - images, stylesheets, javascript files, videos etc.
#Tucaz explains the two major options here (actually, Akamai also provides a "filestore" CDN option). If you select the second option - effectively, the CDN becomes a caching reverse proxy in front of your website - it makes sense to tweak the cache headers on your HTTP server, and tell the CDN to honour those. Make sure you set your .ASPX files to not cache!

create a whitelabel website and point domains to it

I'm after a little advice. I have a few websites which all essentially serve the same content. I have say websiteA, websiteB and websiteC. Each one points to one database to serve the content (think of it as a dating website). Each website has a folder in wwwroot and is mapped to the relevant domain name.
What I'd like to be able to do is have one website, say website A and simply point each of the domain names to that one site. However, how would I then make each site look different? Do I need something within websiteA which say if the referring URL is websiteB.com - serve this style sheet... if the website referring is WebsiteC.com then serve this CSS.
I suppose it's like creating a whitelabel service? I just don't know where I'd start!
Many thanks.
(PS: We have a windows dedicated server with IIS7)
The easiest option would be to react to the HTTP_HOST header, which will tell you which website the request if for, even if they're all mapped to the same folder.

How to make Drupal's multisite algorithm ignore the domain name part

I currently develop Drupal web sites using its multi-site feature that allows me to have a single code base and support multiple distinct settings per each site.
I set up a dev server and I was quite happy with my arrangement of domains like example.com.local (not that happy because I had to perform a small conversion before entering production, but still quite happy) and the thing used to work well. Too bad I recently started to work at places outside the LAN in which my dev server resides--mostly at clients' places where I need to demo their sites. First of all I set up a dyndns.org account and the server is accessible through the Internet.
Unfortunately the whole domain-based multi-site ungracefully fell down, since I'm now accessing the server via myservername.dyndns.org and Drupal's algorithm takes the domain name into account, so I'm forced to use at least the TLD as part of the directory name (namely sites/local.example.com). So I decided to switch to directory-based multi-site, and now I'm able to access my server from inside the LAN using myservername.local/example.com (having renamed the sites/ subdirectories accordingly). You should easily see why this is suboptimal, since when I browse to myservername.dyndns.org/example.com Drupal looks for sites/org.example.com. I temporarily ended up making a link from sites/org.example.com to sites/local.example.com but again, this does not scale well If and when I'll have to drop dyndns.org for, say, dev.mycorporatesite.com...
Is there any other possibility? I have full access to the server, I can change Apache2's configs, .htaccess and all the stuff.
I would recommend against referencing drupal multisites in folders but instead would set up your server to have a fixed domain name and each site in a subdomain.
So your dev server is at mydevserver.com
and then each site could be
client1.mydevserver.com
client2.mydevserver.com
etc.
If you also at the same time as creating these, you move the files folder from the default to whatever the live site will be i.e.
sites/livesite.com/files
Then when you have to go live, all the references will be correct (if you are drupal 7 this might not be an issue)

Relative Links with Extension-less URLs

I have an ASP.NET 4.0 application that implements URL routing. This gives me page URLs with no extension (e.g. /Articles/{title})
Some of these pages contain relative links. When I test the site from Visual Studio, relative links point to /Articles/{title}/mylink. However, when I deploy my site to a shared hosting account, the same relative link points to /Articles/mylink.
You can see the problem at http://blackbeltcoder.com/Articles/asp/creating-website-thumbnails-in-asp-net. The link to an image near the top is broken. This page worked fine when testing from Visual Studio. {title} was assumed to be a directory. But, once deployed, {title} is assumed to be the page name.
If I append "/" to the URL above, it works as expected. But how can I make sure it always works?
Can anyone help me understand this?
After extensive tests with both this website and another one that also uses URL routing, I'm finally able to define what is happening.
I'm going to describe the way this site behaves on the hosting account as "normal". It's the same way my other site works on both the hosting account AND when run on my desktop. (Although the other site doesn't use relative links this way.)
The odd case out is when I run the new site on my desktop. The browser automatically appends "/" to my routed URLs, as though they are directories.
And the reason it does this is because I have created physical directories with the same names! If I delete the physical directory, it treats the URL as a reference to a file.
So the main problem for me is that I developed the site while testing with this odd case. Therefore, the solution is either A) make sure "/" is appended to all these links so they are considered directories, or B) alter the directory structure I've designed.

Multiple domains, same web application on IIS 6

On IIS 6, is it possible to have multiple domain names pointing to the same web application, and conditionally serve CSS from within the web application based on the domain name?
I need to host hundreds of different "skins" on the same web application, with the skin being dependent upon the domain name, and I really don't want to launch tons of web applications.
+1 to rhinof for adding multiple identities, but creating a HttpModule is a bit over kill. You can simply switch the URL of the tag in a Master Page by examining the contents of Request.Headers["HOST"]
1) add the desired domain names as website identifiers in the advanced property page of the Web Site Tab.
2) map the .css extension to the aspnet_isapi.dll
3) write an httpmodule that will re write the url for .css requests based on the domain name
4) enable your module via the web.config
If you use themes, you can change the theme, thereby changing the css, etc. in the Page.PreInit depending on the value of the domain in Request.ServerVariables["Url"] (note, there might be a better server variable to get the domain name, look it up).
If you aren't using themes, you can programatically swap out the css file by checking the same server variable.
MasterPages are going to be your friend here.
Hope that shoves you in the right direction. It is possible and common.
If you are going to have different core content on the sites then I suggest putting in a global identifier to track which site a user is on and put your data in a DB somewhere for reference against that identifier. This is by far the easiest way to extend the app if each instance is unique.
You can put this into a class and have one common pattern for figuring out where stuff should map to. I suggest that once you know the mapping to cache that and then you will be able to do what you want without the latency of a thousand apps or db calls.
You will also need to add this parameter on any general DB calls so that you only get results for the domain that is being hosted. I’ve got a bit of experience with this so just leave some comments if you want to see some specific coding examples.
You can apply this technique to any file, CSS stylesheet or object for referencing purposes.
Yes, this should be simple to do. I'd go with the approach of mapping the domain names to your app using host headers in IIS. Then, as Martin said, interrogate Request.Headers["HOST"] in your app to switch the stylesheet.

Resources