Quantcast
Channel: Williamo's Blog » SSL
Viewing all articles
Browse latest Browse all 2

IE Protected Mode + SSL?

0
0

First off, I haven’t forgotten about finishing the Amazon S3 post; I’ve just been sidetracked by a rather frustrating problem that I’m hoping someone can help me with:

Does anyone know how to work around Internet Explorer Protected Mode limitations without requiring the end-user to add our site to the Trusted Sites list?

The problem is that if we enable SSL logins for our site, they can only access SSL pages. IE prevents our non-SSL served pages from accessing the cookie created during the SSL session, so we can either serve everything via SSL (very expensive/resource-intensi​ve), or find some way to set an SSL *and* non-SSL cookie during the login process.

This MSDN article (What does ielowutil.exe have to do with Internet Explorer 8.0?) has the most relevant information I’ve found yet, but it discusses using Windows APIs, and I’m looking for a solution I can implement with ASP.NET, JavaScript, or some other well-delivered solution.

For what it’s worth, I’ve also posted this question (in a much less verbose form) to my Twitter feed here: http://twitter.com/#!/willwm/status/90588135175626752 – feel free to reply to my Twitter post, or this blog post.

Thank you!


Update #1: I’ve also posted this question to Stack Overflow as well:
http://stackoverflow.com/questions/6658620/ie-protected-mode-ssl-login-no-cookie-for-non-ssl-pages

Update #2: A friend of mine shared these links, hopefully they’ll help:


Filed under: ASP.NET, Fascinations, jQuery, Software Development, Web Development Tagged: api, Clients, cookies, HTTP Secure, ie7, ie8, ie9, ielowutil.exe, internet explorer, javascript, low, medium, Protected Mode, security, SSL, twitter, uac, user account control, Windows, windows 7, Windows Vista, WWW

Viewing all articles
Browse latest Browse all 2

Latest Images

Trending Articles





Latest Images