Sign in---your connection to this site is not private

Question

0.00/5 (No votes)

See more:

We have our application on Windows Server 2012 R2 and running iis version 8.5.

Our application consists of several folders which are published in iis.

we are able to access the pages from all the folders.

Whenever we are going to access the pages from Reports folder the browser showing one sign-in prompt to enter the username and password.

What I have tried:

we have checked all the permissions of that folder and those are same as other folders.
The IUSR user has given full access to all the folders. we have enabled the Anonymous Authentication and also windows Authentication in IIS. in webconfig we have written the below coding

<location path="">
    <system.web>
      <authentication mode="Windows" />
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

I have seen some work around from the internet and applied and but nothing solved the issue. I am not getting the point why the pages in particular Reports folder has that problem.

If you want any further information regarding this issue i will post it.

Can someone help me with this issue.

Posted 12-Aug-18 18:29pm

Member 13142345

Updated 18-Aug-18 17:48pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

AnotherKen · Answer 1 · 2018-08-18T17:49:00

Solution 1

I am not an expert on HTML programming, but I do know that this message and ones like it are displayed on most browsers now that the relevant companies involved decided to try to push the use of HTTPS to try and make websites more secure. If you upgrade to HTTPS then the message should not come up anymore, and from what I have read you can do this by a simple header change; not truly making the website any more secure.

Posted 18-Aug-18 17:49pm

AnotherKen

Comments

Richard Deeming 18-Sep-18 16:04pm

"... you can do this by a simple header change ..."
No, you can't. You need a certificate which is trusted by all users who are connecting to your server. If they're all on your intranet, you might be able to get away with a self-signed certificate, if you can update the trusted certificates store via Group Policy. Otherwise, you'll need a certificate issued by a trusted CA.

As for "not truly making the website any more secure", HTTPS provides a ton of protections and security which you just wouldn't get with plain HTTP. Have a read of Troy Hunt's blog post on the subject:
Troy Hunt: Here's Why Your Static Website Needs HTTPS[^]