Our asp.net MVC website is hosted over https & secured with valid certificate from CA. It's trying to access the WCF service over http, but it's throwing the issue as :
Mixed Content: The page at 'https://localhost/...' was loaded over HTTPS, but requested an insecure script 'http://x.x.x.x.9999/signalr/hubs'. This request has been blocked; the content must be served over HTTPS.
We've used absolute URI for WCF service & client endpoint base addresses.
And you are using SignalR as well? Use F12 to see from where this query comes from but for now it seems you (or something else ?) are using a signalr connection using http rather than https.
We could bypass the mixed content browser warning while connecting through WCF app services with http:// uri(unsecure) called from secure https:// website by forcing the browser to load unsafe scripts from client side & on doing that, immediately we can
see 'Not Secure' warning with red icon on browser, though SignalR hub is getting started & working.
Our requirement : is there any way from application side(programmatically) to automatically force the browser to load the unsafe script from http:// url(what have to do manually now).
It would defeat the purpose and the correct fix would be rather to use https. You really checked where this query comes from and why it uses http rather than https? For now my guess is that http is hardcoded somewhere and for now I don't understand why using
https rather than http seems beyond your control. It comes from a 3rd party library? Or from an ASP.NET built in mechanism such as a script manager?
To start with did you find the place where this script is loaded?
The script is loaded from the WCF App service which's hosted with http:// uri scheme. From the asp.net MVC website hosted with valid CA certificate & with https:// uri scheme we're trying to load the script from the app service. Since the
scripts are loaded from web services hosted with http:// into the webpage with
https://, browser gives mixed content security issue.
The website is hosted into AWS EC2 instances IIS 8.5 web server.
Is there any way to pro grammatically(application side) control loading scripts directly from http:// WCF service into asp.net https:// webpage?
It is restricted by security when request http resource from HTTPS. The recommended way is to secure WCF Service by https.
For another way, you may call WCF Service from controller by adding service reference to generate client code, and then request the controller again.
Best Regards,
Edward
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Participant
1660 Points
400 Posts
https asp.net mvc website with valid certificate accessing WCF service hosted in http
Aug 18, 2017 11:25 AM|Anindita.Basak|LINK
Hello,
Our asp.net MVC website is hosted over https & secured with valid certificate from CA. It's trying to access the WCF service over http, but it's throwing the issue as :
Mixed Content: The page at 'https://localhost/...' was loaded over HTTPS, but requested an insecure script 'http://x.x.x.x.9999/signalr/hubs'. This request has been blocked; the content must be served over HTTPS.
We've used absolute URI for WCF service & client endpoint base addresses.
Any pointers will be appreciated.
Thanks,
Anindita
Anindita
http://anindita9.wordpress.com
All-Star
46250 Points
16887 Posts
Re: https asp.net mvc website with valid certificate accessing WCF service hosted in http
Aug 18, 2017 12:01 PM|PatriceSc|LINK
Hi,
And you are using SignalR as well? Use F12 to see from where this query comes from but for now it seems you (or something else ?) are using a signalr connection using http rather than https.
Just in case see https://docs.microsoft.com/en-us/aspnet/signalr/overview/getting-started/introduction-to-signalr to see what is SignalR.
Participant
1660 Points
400 Posts
Re: https asp.net mvc website with valid certificate accessing WCF service hosted in http
Aug 19, 2017 01:38 PM|Anindita.Basak|LINK
Hi there,
We could bypass the mixed content browser warning while connecting through WCF app services with http:// uri(unsecure) called from secure https:// website by forcing the browser to load unsafe scripts from client side & on doing that, immediately we can see 'Not Secure' warning with red icon on browser, though SignalR hub is getting started & working.
Our requirement : is there any way from application side(programmatically) to automatically force the browser to load the unsafe script from http:// url(what have to do manually now).
Thanks,
Anindita
http://anindita9.wordpress.com
All-Star
46250 Points
16887 Posts
Re: https asp.net mvc website with valid certificate accessing WCF service hosted in http
Aug 19, 2017 04:17 PM|PatriceSc|LINK
It would defeat the purpose and the correct fix would be rather to use https. You really checked where this query comes from and why it uses http rather than https? For now my guess is that http is hardcoded somewhere and for now I don't understand why using https rather than http seems beyond your control. It comes from a 3rd party library? Or from an ASP.NET built in mechanism such as a script manager?
To start with did you find the place where this script is loaded?
Participant
1660 Points
400 Posts
Re: https asp.net mvc website with valid certificate accessing WCF service hosted in http
Aug 19, 2017 04:59 PM|Anindita.Basak|LINK
Hi there,
The script is loaded from the WCF App service which's hosted with http:// uri scheme. From the asp.net MVC website hosted with valid CA certificate & with https:// uri scheme we're trying to load the script from the app service. Since the scripts are loaded from web services hosted with http:// into the webpage with https://, browser gives mixed content security issue.
The website is hosted into AWS EC2 instances IIS 8.5 web server.
Is there any way to pro grammatically(application side) control loading scripts directly from http:// WCF service into asp.net https:// webpage?
Thanks,
Anindita
http://anindita9.wordpress.com
Contributor
3300 Points
1611 Posts
Re: https asp.net mvc website with valid certificate accessing WCF service hosted in http
Aug 21, 2017 09:11 AM|Edward Z|LINK
Hi Anindita,
It is restricted by security when request http resource from HTTPS. The recommended way is to secure WCF Service by https.
For another way, you may call WCF Service from controller by adding service reference to generate client code, and then request the controller again.
Best Regards,
Edward
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.