Need help switching ASP.net to HTTPS

Question

I've been struggling with this and would love some help! I'm getting mixed SSL errors about my ASP.net CDN and I'm wondering if anyone knows how to fix it. Any help would be greatly appreciated.

Here they are:

www.billslasher.com/:1 Mixed Content: The page at 'my website (billslasher . com / submit-bill' was loaded over HTTPS, but requested an insecure resource ' http://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js?ver=4.1 '. This request has been blocked; the content must be served over HTTPS.

www.billslasher.com/:1 Mixed Content: The page at 'my website' was loaded over HTTPS, but requested an insecure script ' http://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js?ver=4.1 '. This request has been blocked; the content must be served over HTTPS.

Answer 1

You probably have included absolute paths in your views.

Eg. for the first having the following in your <head> element:

<script type="text/javascript" src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js?ver=4.1" ></script>

which is clearly going to be loaded over plain HTTP.

One option for pages which can be accessed with either HTTP or HTTPS is a protocol relative URL:

<script type="text/javascript" src="//ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js?ver=4.1" ></script>

and the protocol of the containing page will be used to get the resource.

For dynamically generated links you can either generate such protocol relative links or add the protocol depending on the request's protocol.

There are two complications to consider:

• An external resource with a different URL (eg. a different domain) for HTTP or HTTPS requests. This requires code.
• When detecting if the request is HTTPS remember a load balancer (or other proxy in front of your sever) may offload TLS encoding, so the connection to your server is HTTP even when the client request is HTTPS. Detecting this depends on the offload mechanism. There may be a request header (common) or a different port number (I've seen this recently: HTTP on port 81 is actually a HTTPS request).

Answer 2

You need to load your resources from an HTTPS CDN instead. The browser here is complaining that your main site loads over HTTPS but you reference resources with URLs that aren't. Or perhaps don't use the CDN and load everything locally.

Answer 3

use the protocol relative URLs method. change the url to just use the two forward slashes so your cdn call will be:

//ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js?ver=4.1

Answer 4

I would suggest using a https:// proxy server to send out all of your requests. If you are using asp.net webforms controls that require Content Delivery Network resources, like AJAX controls, look at the scriptmanager control property enablecdn, https://msdn.microsoft.com/en-us/library/system.web.ui.scriptmanager.enablecdn%28v=vs.110%29.aspx