.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Why a Security Warning on web page loading? How can code or users avoid it?

Posted By:      Posted Date: October 24, 2010    Points: 0   Category :ASP.Net

My asp.net page now gives a popup box titled "Security Warning" when the page loads. There are multiple pages in my app that do this. The content of the dialog box reads "Do you want to view only the webpage content that was delivered securely?"

Why is this happening all of a sudden? I think it's because the pages contain some http links to external site pages, but i don't remember seeing the message before, and those "nonsecure" links have been there from the beginning. I did add 30+ images though, sourced from in another directory of the project.

Is there some way i can make the images and links "secure"; delivered via https?

Is there some browser setting for users to set so they don't see this popup every time one of the many pages in this website loads?

All feedback and insight is appreciated!!!

View Complete Post

More Related Resource Links

Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users


In this article, Microsoft security expert Michael Howard discusses the cardinal rules of attack surface reduction. His rules - reduce the amount of code executing by default, reduce the volume of code that is accessible to untrusted users by default, and limit the damage if the code is exploited - are explained along with the techniques to apply the rules to your code.

Michael Howard

MSDN Magazine November 2004

Need help redirecting users to personalized page


 Hi, first timer here so be gentle.


I've been able to create a cool little website, it's up and running with users logging in and out, I created roles so my administrative team can see sensitive data that's not available to regular and anonymous users.

Now they would like me to create a page specific to each user.  For instance when user A logs in they are redirected to a page that has information that pertains to user A only (like a list of their benefits/ their remaining vacation time). This page needs to be accessible only to user A. 

I've watched a ton of the videos but have yet to see one that covers this topic, any help would be great!!!





Intranet Users Challenged When Using Windows Integrated Security


We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.

On page loading or executing all CSS flags are ignored and website is plain without formatting


 My problem is whenever i execute my app the first page that loads is the login page pointed to by my web.config file forms authentication, this page is meant to show CSS formatting for the info i am displaying but it is not. Any help with this problem would be great. A cut and paste of my problem is shown below as you can see there is no CSS.

jsfdnjldfngjfg here it is

Account Login
User Id:
Forgot Password?

I have inserted all the link as in:




Foundations: Adding Code Access Security to WCF, Part 2


This month's column continues the discussion around code access security in WCF and partially trusted services.

Juval Lowy

MSDN Magazine July 2008

Wicked Code: Silverlight Page Turning Made Simple


As we'll show, with just a few lines of JavaScript you can build a general-purpose framework for incorporating page turns into Silverlight 1.0 apps.

Jeff Prosise

MSDN Magazine May 2008

Foundations: Code Access Security in WCF, Part 1


Here we discuss code-access security in Windows Communication Foundation (WCF) and present a solution for enabling partially trusted clients for WCF services.

Juval Lowy

MSDN Magazine April 2008

Security Briefs: Protecting Your Code with Visual C++ Defenses


Michael Howard outlines some of the buffer overrun defenses available in Visual C++ 2005 and beyond.

Michael Howard

MSDN Magazine March 2008

Security: Authenticate Users Across Organizations Using ADFS


Jack Couch looks at how to set up ADFS and when to use it; he then shows how to connect to an outside organization to offer single sign-on.

Jack Couch

MSDN Magazine December 2007

SQL Security: New SQL Truncation Attacks And How To Avoid Them


Exploits using SQL injection have drawn a lot of attention for their ability to get through firewalls and intrusion detection systems to compromise your data layers. Whether it's a first-order or second-order injection, if you look at the basic code pattern, it is similar to any other injection issue where you use untrusted data in the construction of a statement.

Bala Neerumalla

MSDN Magazine November 2006

Are You in the Know?: Find Out What's New with Code Access Security in the .NET Framework 2.0


Unlike role-based security measures, code access security is not based on user identity. Instead, it is based on the identity of the code that is running, including information such as where the code came from. Here Mike Downen discusses the role of code access security (CAS) in .NET and outlines some key new features and changes in CAS for the .NET Framework 2.0.

Mike Downen

MSDN Magazine November 2005

Security: Manipulate Privileges in Managed Code Reliably, Securely, and Efficiently


When the author was faced with implementing support for changing a security descriptor on an object, he noticed there was not support for that operation in .NET. So he devised two solutions to the problem: the first, simpler one, is tailored to the .NET Framework 1.1 and can be used today. The second solution incorporates several advanced features available only in the .NET Framework 2.0. Both are presented here.

Mark Novak

MSDN Magazine March 2005

Security Briefs: Beware of Fully Trusted Code


The vast majority of managed applications run with full trust, but based on my experience teaching . NET security to developers with a broad range of experience, most really don't understand the implications of fully trusted code.

Keith Brown

MSDN Magazine April 2004

Code Name WinFS: Revolutionary File Storage System Lets Users Search and Manage Files Based on Conte


One of the monumental problems organizations face today is aggregating information that's stored in disparate formats. Knowledge workers have long wanted to be able to search for content independent of format. The next version of the Windows operating system, code-named "Longhorn," boasts a new storage subsystem that makes that task easier. That subsystem, code-named "WinFS," allows the user to perform searches based on the metadata of the stored item, regardless of what type of file it is or which application created it. This article covers the basic architecture of WinFS and explains how to use the WinFS managed API.

Richard Grimes

MSDN Magazine January 2004

Review It: Expert Tips for Finding Security Defects in Your Code


Reviewing code for security defects is a key ingredient in the software creation process, ranking alongside planning, design, and testing. Here the author reflects over his years of code security reviews to identify patterns and best practices that all developers can follow when tracking down potential security loopholes. The process begins by examining the environment the code runs in, considering the roles of the users who will run it, and studying the history of any security issues the code may have had. After gaining an understanding of these background issues, specific vulnerabilities can be hunted down, including SQL injection attacks, cross-site scripting, and buffer overruns. In addition, certain red flags, such as variable names like "password", "secret," and other obvious but common security blunders, can be searched for and remedied.

Michael Howard

MSDN Magazine November 2003

Security Tips: Defend Your Code with Top Ten Security Tips Every Developer Must Know


There are many ways to get into trouble when it comes to security. You can trust all code that runs on your network, give any user access to important files, and never bother to check that code on your machine has not changed. You can run without virus protection software, not build security into your own code, and give too many privileges to too many accounts. You can even use a number of built-in functions carelessly enough to allow break-ins, and you can leave server ports open and unmonitored. Obviously, the list continues to grow. What are some of the really important issues, the biggest mistakes you should watch out for right now so that you don't compromise your data or your system? Security experts Michael Howard and Keith Brown present 10 tips to keep you out of hot water.

Michael Howard and Keith Brown

MSDN Magazine September 2002

Return of the Rich Client: Code Access Security and Distribution Features in .NET Enhance Client-Sid


Rich clients employ many of the features and conveniences of the operating system they run on, and the list of these features has been growing since the dawn of the PC. But as apps have migrated to the Web, the trend towards increasing client-side functionality has ground to a virtual halt. There are several reasons for this; chief among them are security and deployment problems. But that's all about to change. With the .NET Framework, you can participate in building the distributable rich client of the future. In this article, the author enumerates the pertinent features of .NET that will allow you to build safe, easily deployable controls. The features discussed include managed code, code access security, versioning control, Windows Forms classes, and isolation.

Jason Clark

MSDN Magazine June 2002

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend