frenzypeng / securityswitch

Automatically exported from code.google.com/p/securityswitch
Other
0 stars 0 forks source link

Trying to install SecuritySwitch but dont see any change while changing the web app to https. #18

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. I copied the dll in the bin folder 
2. changed the web.config as mentioned
3.

What is the expected output? What do you see instead?
When I try to access the app over https in IE I still get the warning messages 
and in Firefox the images/CSS is not downloaded. Where as after using the 
SecuritySwitch I should be able to see the images and css in the pages.

What version of the product are you using? On what operating system?
Windows 2003, IIS 6.0

Please provide any additional information below.

Original issue reported on code.google.com by vprathyu...@gmail.com on 22 Jun 2011 at 7:48

GoogleCodeExporter commented 8 years ago
Make sure you have configured the directories for your images and style sheets 
in this module's configuration section with the secure attribute set to 
"Ignore".

...
<add path="~/images" secure="Ignore" />
<add path="~/styles" secure="Ignore" />

Original comment by vent...@gmail.com on 22 Jun 2011 at 9:52

GoogleCodeExporter commented 8 years ago
I did that and what I see in firefox using firebug is that for the css i get 
the message as "Failed to load source for 
:http://<ipaddress>:443/..../style.css"

Is there anything I am missing ?

Original comment by vprathyu...@gmail.com on 23 Jun 2011 at 9:00

GoogleCodeExporter commented 8 years ago
May I see your configuration for this module (with deleted sensitive 
information)? I will try to reproduce based on what I see. Thanks.

Original comment by vent...@gmail.com on 24 Jun 2011 at 9:18

GoogleCodeExporter commented 8 years ago
Here is the config info.currently the web application is used with ipaddress

<configSections>
<section name="securitySwitch" 
type="SecuritySwitch.Configuration.Settings,SecuritySwitch"/>
</configSections>

<securitySwitch mode="On">
        <paths>
            <add path="~/Resources/" secure="Ignore" />
            <add path="~/CSS/style.css" secure="Ignore" />
            <add path="~/JS/lib/" secure="Ignore"/>
            <add path="~/JS/UI/" secure="Ignore"/>
        </paths>
    </securitySwitch>
<system.web>
  <httpModules>
<add name="SecuritySwitch" 
type="SecuritySwitch.SecuritySwitchModule,SecuritySwitch"/>
  </httpModules>
</system.web>

Original comment by vprathyu...@gmail.com on 27 Jun 2011 at 2:42

GoogleCodeExporter commented 8 years ago
Hi again.

With your current configuration, the module will try to redirect ALL requests 
to HTTP (not secure) except for the 3 directories and 1 style sheet you have 
listed. That means, you will never see a secure page with this setup. You'll 
need to add at least one path that you want to be secured in order to allow an 
HTTPS request. I suggest something like the following.

<securitySwitch mode="On">
    <paths>
        <add path="~/Login.aspx" />
        <add path="~/Resources/" secure="Ignore" />
        <add path="~/CSS/" secure="Ignore" />
        <add path="~/JS/" secure="Ignore" />
    </paths>
</securitySwitch>

Please, note how I've added an entry for the Login.aspx page to be secured (via 
HTTPS) and I reduced your CSS and JS directories so anything requested in them 
will be ignored.

Original comment by vent...@gmail.com on 28 Jun 2011 at 12:07

GoogleCodeExporter commented 8 years ago
Thanks for the response. I tried the way you mentioned but I think the problem 
is that the host header is adding 443 which is a default port for SSL to the 
url and it shows as http://ipaddress:443/CSS/style.css which conflicts with 
actual URL(https://ipaddress/CSS/style.css. The fiddler clearly shows that.

Is there a way  I can debug and see if the dll is working correctly ?

Original comment by vprathyu...@gmail.com on 28 Jun 2011 at 8:56

GoogleCodeExporter commented 8 years ago
I would expect it to still use HTTPS even if the 443 port was being added to 
the URL. You are reporting that it is still showing http://, which I find odd. 
Is there a proxy server or certificate server in play here?

You could try adding the baseInsecureUri and baseSecureUri attributes to your 
securitySwitch section to aid the module with the correct URL.

<securitySwitch baseInsecureUri="http://ipaddress" 
baseSecureUri="https://ipaddress:443">
  ...
</securitySwitch>

If you still need to debug this module, you can load the source solution for 
Security Switch into Visual Studio and use remote debugging on the website, or 
attach to the local process (if running locally).

Original comment by vent...@gmail.com on 28 Jun 2011 at 9:16

GoogleCodeExporter commented 8 years ago
I tried using the baseSecureUri and baseInsecureUri but still no affect. Now my 
question is there a way I can see that the dll is in use.For ex any kind of 
logs or something by which I will know whats happening. The problem I see now 
is that I am getting a message in fiddler as Protocol violation error in 
Fiddler as below. Hope you can give some insight on this.

11:00:37:6114 Fiddler Running... 
11:01:55:8949 Fiddler.Network.ProtocolViolation - [#39] Request's Host header 
does not match Host specified in URI.

URL Host:   ipaddress < xxx.xxx.xx.xxx>
Header Host:    ipaddress < xxx.xxx.xx.xxx>:443 
11:14:51:0772 [Fiddler] Failed to read HTTP request from (avp:10700) new client 
socket, port 59328. 
11:15:56:1179 [Fiddler] Failed to read HTTP request from (avp:10700) new client 
socket, port 59359. 
11:34:12:0256 [Fiddler] Failed to read HTTP request from (avp:10700) new client 
socket, port 59566. 
11:39:03:3693 [Fiddler] Failed to read HTTP request from (avp:10700) new client 
socket, port 59858. 
11:40:03:4407 [Fiddler] Failed to read HTTP request from (avp:10700) new client 
socket, port 59898. 
11:45:55:5958 fiddler.network.readresponse.failure> Session #591 raised 
exception Unable to read data from the transport connection: An established 
connection was aborted by the software in your host machine. 
11:52:48:1204 Fiddler.Network.ProtocolViolation - [#639] Request's Host header 
does not match Host specified in URI.

Original comment by vprathyu...@gmail.com on 30 Jun 2011 at 6:18

GoogleCodeExporter commented 8 years ago
If your requests are attempting to redirect, the module is in use. It sure 
seems like something else is going on with Fiddler reporting request via ports 
in the 59000 range.

I suggest disabling the module altogether (mode="Off") and see if you still 
have issues with the site.

Original comment by vent...@gmail.com on 8 Jul 2011 at 2:59

GoogleCodeExporter commented 8 years ago
Closing after no further communication.

Original comment by vent...@gmail.com on 5 Nov 2011 at 3:59