When I run my Atlas-enabled web site over SSL, I get the following security warning message:

This page contains both secure and nonsecure items.

I believe this only started happening when I added the AtlasControlToolkit ModalPopupExtender control to my site.  I have searched these forums for similar problems and the only thing I found that sounds like a possible cause is the iframe.src = "about:blank" issue.  I searched the code but do not see this anywhere.  I also looked for anywhere I may have been referencing a page, image, etc. using http://... but I am not.  I do see in the the following code at the bottom of each page:

<script type="text/xml-script">
  <page xmlns:script="http://schemas.microsoft.com/xml-script/2005" xmlns:atlascontrolextender="atlascontrolextender" xmlns:atlascontroltoolkit="atlascontroltoolkit">

It is possible that the xmlns:script= "http://..." is being seen as a nonsecure item?

I can't imagine that I am the only one experiencing this problem running Atlas and AtlasControlToolkit over SSL...

Any help will be greatly appreciated.

Thanks,

Randall Price

Yes this is the IFRAME issue, and that code is actually inside of Atlas itself.  It's been reported before, but with HoverMenu:

http://forums.asp.net/thread/1295196.aspx

Unfortunately, I don't have a good solution for you - take a look at taht thread and maybe something will come to mind.

I once had same problem with Iframe over SSL.(not with Atlas). Since the client i work for only support IE users. I am not sure my solution will work in browser other that IE.

you can try to modify the Show method of the Sys.UI.PopupBehavior. as follow,

replace the original two lines (blue) with three new lines (red)

Sys.UI.PopupBehavior = function(){
.....

   this.show = function() {

   ...
    childFrame = document.createElement("iframe");
         childFrame.src = "about:blank";

   
    childFrame = document.createElement("SPAN");
    childFrame.innerHTML = '<IFRAME src=\'about:blank\'></IFRAME>';
    childFrame = childFrame.children[0];   

   ...

   }
.....

}

Hi Randall,

I had the same problem and went through some hoops and experimentation to get it to work.

My results were thus:

In the page where I am using the control, i added the following:

<atlas:ScriptManager ID="atlasScript" runat="server" >

<Scripts>

<atlas:ScriptReference Path="AtlasOverride.js" />

</Scripts>

</atlas:ScriptManager>

And  the AtlasOverride.js file looks like this:

Sys.UI.PopupBehavior = function() {
    Sys.UI.PopupBehavior.initializeBase(this);
    
    var _x = 0;
    var _y = 0;
    var _positioningMode = Sys.UI.PositioningMode.Absolute;
    var _parentElement;
    
    var _moveHandler;
    
    this.get_parentElement = function() {
        return _parentElement;
    }
    this.set_parentElement = function(element) {
        _parentElement = element;
        this.raisePropertyChanged('parentElement');
    }
    
    this.get_positioningMode = function() {
        return _positioningMode;
    }
    this.set_positioningMode = function(mode) {
        _positioningMode = mode;
        this.raisePropertyChanged('positioningMode');
    }
    
    this.get_x = function() {
        return _x;
    }
    this.set_x = function(x) {
        _x = x;
        if (this.control && this.control.get_visible()) {
            this.show();
        }
        this.raisePropertyChanged('x');
    }
    
    this.get_y = function() {
        return _y;
    }
    this.set_y = function(y) {
        _y = y;
        if (this.control && this.control.get_visible()) {
            this.show();
        }
        this.raisePropertyChanged('y');
    }
    
    this.hide = function() {
        this.control.set_visible(false);
        var elt = this.control.element;
        if (elt.originalWidth) {
            elt.style.width = elt.originalWidth + "px";
            elt.originalWidth = null;
        }
        if (window.navigator && window.navigator.appName == "Microsoft Internet Explorer" && !window.opera) {
            var childFrame = elt._hideWindowedElementsIFrame;
            if (childFrame) {
                childFrame.style.display = "none";
            }
        }
    }
    
    this.show = function() {
        this.control.set_visible(true);
        var elt = this.control.element;
        var offsetParent = elt.offsetParent;
        if (!offsetParent) offsetParent = document.documentElement;
        var offsetParentLocation = Sys.UI.Control.getLocation(offsetParent);
        var parent = _parentElement ? _parentElement : offsetParent;
        var parentBounds = Sys.UI.Control.getBounds(parent);
        var diff = {x: parentBounds.x - offsetParentLocation.x, y:parentBounds.y - offsetParentLocation.y};
        var width = elt.offsetWidth - (elt.clientLeft ? elt.clientLeft * 2 : 0);
        var height = elt.offsetHeight - (elt.clientTop ? elt.clientTop * 2 : 0);
        var position;
        switch (_positioningMode) {
            case Sys.UI.PositioningMode.Center:
                position = {
                    x: Math.round(parentBounds.width / 2 - width / 2),
                    y: Math.round(parentBounds.height / 2 - height / 2)
                };
                break;
            case Sys.UI.PositioningMode.BottomLeft:
                position = {
                    x: 0,
                    y: parentBounds.height
                };
                break;
            case Sys.UI.PositioningMode.BottomRight:
                position = {
                    x: parentBounds.width - width,
                    y: parentBounds.height
                };
                break;
            case Sys.UI.PositioningMode.TopLeft:
                position = {
                    x: 0,
                    y: -elt.offsetHeight
                };
                break;
            case Sys.UI.PositioningMode.TopRight:
                position = {
                    x: parentBounds.width - width,
                    y: -elt.offsetHeight
                };
                break;
            default:
                position = {x: 0, y: 0};
        }
        position.x += _x + diff.x;
        position.y += _y + diff.y;
        Sys.UI.Control.setLocation(elt, position);
        elt.style.width = width + "px";
        var newPosition = Sys.UI.Control.getBounds(elt);
        var documentWidth = self.innerWidth ? self.innerWidth : document.documentElement.clientWidth;
                if (!documentWidth) {
            documentWidth = document.body.clientWidth;
        }
        if (newPosition.x + newPosition.width > documentWidth - 5) {
            position.x -= newPosition.x + newPosition.width - documentWidth + 5;
        }
        if (newPosition.x < 0) {
            position.x -= newPosition.x;
        }
        if (newPosition.y < 0) {
            position.y -= newPosition.y;
        }
        Sys.UI.Control.setLocation(elt, position);
                if ((Sys.Runtime.get_hostType() == Sys.HostType.InternetExplorer) && !window.opera) {
            var childFrame = elt._hideWindowedElementsIFrame;
            if (!childFrame) {
                childFrame = document.createElement("iframe");
                                childFrame.src = document.createTextNode('');
                childFrame.style.position = "absolute";
                childFrame.style.display = "none";
                childFrame.scrolling = "no";
                childFrame.frameBorder = "0";
                childFrame.style.filter = "progid:DXImageTransform.Microsoft.Alpha(style=0,opacity=0)";
                elt.parentNode.insertBefore(childFrame, elt);
                elt._hideWindowedElementsIFrame = childFrame;
                _moveHandler = Function.createDelegate(this, moveHandler);
                elt.attachEvent('onmove', _moveHandler);
            }
            childFrame.style.top = elt.style.top;
            childFrame.style.left = elt.style.left;
            childFrame.style.width = elt.offsetWidth + "px";
            childFrame.style.height = elt.offsetHeight + "px";
            childFrame.style.display = elt.style.display;
            if (elt.currentStyle && elt.currentStyle.zIndex) {
                childFrame.style.zIndex = elt.currentStyle.zIndex;
            }
            else if (elt.style.zIndex) {
                childFrame.style.zIndex = elt.style.zIndex;
            }
        }
    }
    
    this.getDescriptor = function() {
        var td = Sys.UI.PopupBehavior.callBaseMethod(this, 'getDescriptor');
        
        td.addProperty('parentElement', Object, false, Sys.Attributes.Element, true);
        td.addProperty('positioningMode', Sys.UI.PositioningMode);
        td.addProperty('x', Number);
        td.addProperty('y', Number);
        td.addMethod('show');
        td.addMethod('hide');
        return td;
    }
    Sys.UI.PopupBehavior.registerBaseMethod(this, 'getDescriptor');
    
    this.initialize = function() {
        Sys.UI.PopupBehavior.callBaseMethod(this, 'initialize');
        this.hide();
        this.control.element.style.position = "absolute";
    }
    Sys.UI.PopupBehavior.registerBaseMethod(this, 'initialize');
    
    this.dispose = function() {
        if (_moveHandler && this.control && this.control.element) {
            this.hide();
            this.control.element.detachEvent('onmove', _moveHandler);
            _moveHandler = null;
        }
        _parentElement = null;
        Sys.UI.PopupBehavior.callBaseMethod(this, 'dispose');
    }
    Sys.UI.PopupBehavior.registerBaseMethod(this, 'dispose');
    
    function moveHandler() {
        var elt = this.control.element;
        if (elt._hideWindowedElementsIFrame) {
            elt.parentNode.insertBefore(elt._hideWindowedElementsIFrame, elt);
            elt._hideWindowedElementsIFrame.style.top = elt.style.top;
            elt._hideWindowedElementsIFrame.style.left = elt.style.left;
        }
    }
}
Sys.UI.PopupBehavior.registerClass('Sys.UI.PopupBehavior', Sys.UI.Behavior);

The only line in this whole file that is changed is 133, which is indeed the about:blank problem that gives the mixed content warning.

Let me know if this works for you.

-Jack

Use the following in your aspx pages
<atlas:ScriptManager runat="server" ID="ScriptManager1">
              <Scripts>
                <atlas:ScriptReference Path="~/ScriptLibrary/Debug/Atlas.js" />
                <atlas:ScriptReference Path="~/ScriptLibrary/Debug/AtlasRuntime.js" />
              </Scripts>
</atlas:ScriptManager>

In Atlas.js & AtlasRuntime.js just replace about:blank with javascript:'' and you are done.
If still getting error you can write to sharma_nishant@satyam.com or mailtonis@hotmail.com

Has this been fixed in the beta version?

Thanks

 Victor

Now using AjaxControlToolkit and have this issue with the Hovermenu and validatorCallouts. It seems that this has been an issue for months. The solutions here have not worked in my case. I will continue to work on a solution... but it would be nice if I didn't have to.

I'd welcome any new solution people have found. Thanks

Now using AjaxControlToolkit and have this issue with the Hovermenu and validatorCallouts. It seems that this has been an issue for months. The solutions here have not worked in my case. I will continue to work on a solution... but it would be nice if I didn't have to.

I'd welcome any new solution people have found. Thanks

I have a sample that displays the "non-secure items" warning behavior.

The page is from an AJAXEnabledWebSite Beta-2 template project. I added references to AjaxControlToolkit and Microsoft.Web.Preview assemblies. In the web.config file I added "tagPrefix" entries for the the Toolkit and the Preview assemblies. (I think the Toolkit stuff is not necessary but since I included it in my sample project, I included the info here.)

Here is the self-contained page:

<%@ Page Language="C#" AutoEventWireup="true"  %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>AutoCompleteExtender over https</title>
    <script runat="server">
  [System.Web.Services.WebMethod]
  public static string[] GetFirstNameSuggestions(string prefixText, int count)
  {
   string[] firstNames = { "Andrea", "Angela", "Ann", "Anne", "Annie"};

   int index = Array.BinarySearch(firstNames, prefixText, new CaseInsensitiveComparer());
   if (index < 0)
   {
    index = ~index;
   }

   int matchingCount;
   for (matchingCount = 0; matchingCount < count && index + matchingCount < firstNames.Length; matchingCount++)
   {
    if (!firstNames[index + matchingCount].StartsWith(prefixText,
      StringComparison.CurrentCultureIgnoreCase))
    {
     break;
    }
   }

   String[] returnValue = new string[matchingCount];
   if (matchingCount > 0)
   {
    Array.Copy(firstNames, index, returnValue, 0,
      matchingCount);
   }
   return returnValue;
  }
    </script>
</head>
<body>
    <form id="form1" runat="server">
        <asp:ScriptManager ID="ScriptManager1" runat="server" />
        <div>
        <asp:textbox id="tbFirstName" runat="server" width="200"></asp:textbox>
  <asp:AutoCompleteExtender runat="server" ID="autoComplete1"
   TargetControlID="tbFirstName"
   ServicePath="AutoCompleteExtenderTest.aspx"
   ServiceMethod="GetFirstNameSuggestions"
   minimumprefixlength="1"  />
        </div>
    </form>
</body>
</html>

Here are the web.config entries I added:

<!-- ASP.NET AJAX Value-Add CTP (2 lines) -->
<add tagPrefix="asp" namespace="Microsoft.Web.Preview.UI" assembly="Microsoft.Web.Preview"/>
<add tagPrefix="asp" namespace="Microsoft.Web.Preview.UI.Controls" assembly="Microsoft.Web.Preview"/>
<!-- ASP.NET AJAX Toolkit (1 line) -->
<add tagPrefix="atk" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit"/>

I have a little follow-up information. In my particular case, the "non-secure items" popup only presents in IE6; IE7 and Firefox do not display the error. I have not yet been able to determine whether any specific security- or privacy-related settings (especially in IE6) have any effect.

In Atlas.js & AtlasRuntime.js just replace about:blank with javascript:'', this works for me.

credit goes to community lover 

Yeah, that worked on the pre-Beta version of me, too.

But now I'm using Beta-2, which no longer has Atlas.js nor AtlasRuntime.js. I have searched through the six JS files (MicrosoftAjax.js, MicrosoftAjaxTimer.js, MicrosoftAjaxWebForms.js, PreviewDragDrop.js, PreviewGlitz.js, PreviewScript.js) installed as part of the ScriptLibrary (C:\Program Files\Microsoft ASP.NET\ASP.NET 2.0 AJAX Extensions\v1.0.61025\ScriptLibrary\Debug) and found two "about:blank" lines in PreviewScript.js.

I have tried making a copy of the PreviewScript file, adding it to my project, modifying it to replace "about:blank" with "javascript:" and adding a ScriptReference to the new file like so:

<asp:ScriptManager ID="ScriptManager1" runat="server">
 <Scripts>
  <asp:ScriptReference Path="~/ScriptLibrary/Debug/PreviewScript.js" />
 </Scripts>
</asp:ScriptManager>

But this opens up another can of worms that I cannot figure out yet. When I try the solutions from this thread ( http://forums.asp.net/thread/1465851.aspx ) I get "too much recursion" javascript errors in Firefox. In IE I get an "Out of memory" error and the debugger takes me to about line 3680 of my PreviewScript file at this method:

Sys.Net._WebRequestManager.prototype.executeRequest = function Sys$Net$_WebRequestManager$executeRequest(webRequest) {
    var defaultExecutorType = this.get_defaultExecutorType();
    if (! this.get_forceDefaultExecutor()) {
        if (Sys.Net._WebRequestManager.isCrossDomainRequest(webRequest)) {
            this.set_defaultExecutorType("Sys.Preview.Net.IFrameExecutor");
        }
    }
    this._executeRequest(webRequest);
    this.set_defaultExecutorType(defaultExecutorType);
}

Using an unmodified PreviewScript.js but still included as a ScriptReference give me this error:

Line: 3119
Error: Sys.ScriptLoadFailedException: The script 'ScriptLibrary/Debug/PreviewScript.js' could not be loaded or does not contain the Sys.Application.notifyScriptLoaded() callback.

And that's where I am now: Trying to figure out how to successfully include a script reference to override the ASP.NET AJAX PreviewScript.js file.

Suggestions anyone?