SSL problem with ASP.NET and Macintosh browser

  • Thread starter Thread starter Bob Skutnick
  • Start date Start date
B

Bob Skutnick

Greetings,
I'm hoping someone has experienced a problem I'm having:

I have an existing ASP application (working fine) that
uses an SSL server certificate. My user community is made
up of both PC's and Macintosh computers.

I've re-written this application in ASP.NET for a number
of reasons and now find that my Mac users are having
problems with the application. SSL works just fine for PC
users, won't work for Mac users (browser is Internet
Explorer). When a Mac user tries to login to my
application using SSL (https://) the browser produces an
error saying "Security failure, a secure connection could
not be established". Mac users can use the site/app
without SSL (http://)

This is the same server and site and server certificate
that was used with the ASP app. Is there a problem
using "server.transfer()" when SSL is part of the
equation? Any special web.config issues?

I'm truly stumped on this one... Thanks so much for any
assistance.

Bob Skutnick
 
I have encountered something very similar to this.

We have internal access with no SSL, and external access with SSL. The only
problem we had is when users with Mac and IE or Netscape tried to access the
site externally hence going through SSL. The same Mac with the same
IE/Netscape would succeed internally, no SSL, but fail externally with SSL.
We do not get the error you are getting but get something like "resource not
available" from IE, netscape hangs forever. Here is the kicker, it only
happens with form posts, not gets. I created a plain html page with a form
post, and sure enough I encounter this problems. Change it to a form get and
it succeeds. So in our scenario its the IE/Netscape on Mac in combination
with our SSL accelarator in combination with form posts. Our network guys
have a question in with Cisco to see if they had seen this before.

So I don't have any answers but I am seeing somthing similar.
 
Most interesting. I'm using form post (not get). Normally
with MS IE on a Mac there is no error - just hangs, in IE
5.2.2 under OS X you see the "security failure". Have not
tried Netscape yet.

Bob
 
Forgot one thing.. Opera and Safari on the Macs both succeed. So its only IE
and Netscape.
 
Maybe there is a certificate-trust issue that can be
tweaked on the Mac side.

Maybe the HTTP header is not being sufficently unwrapped
on the Mac side, or it can't be unwrapped fast enough on
the Mac side and the error defaults to "Security
failure...". Or vice-versa on the web server side.

Is the web server exactly the same (NT/Win2K/Win2K3)
between your application versions? Is the certificate
exactly the same? Just to rule out low-level issues, you
might want to install the ASP site on one IP number and
ASP.NET on another IP number and switch between them to
make sure that it is ASP.NET that is actually causing the
issue.

Assuming that it is in fact ASP.NET, are you using
cookies or sessions? Those state mechanisms have to put
information into the HTTP header. Using cookieless
sessions (my favorite) or strict ViewState might solve
your problem, as they transfer state info wholly in the
GET and HTTP body.

Are you using ASP.NET Forms Authentication or a custom
implementation? Perhaps either (especially the default
cookie-using method of Forms Auth) is not translating
something over SSL.

Hope that helps.
 
Thanks for your ideas.

Exact same server (win2k), exact same certificate. Exact
same SQL server custom authentication.
Your mention of cookieless session state was a good
thought as I am using cookies. I changed it to
cookieless="true" and was hopeful but the app still fails
on a Mac browser.
Someone mentioned get vs. post and that seems to be
something. All of my forms use method="post". All of my
page to page navigation use server.transfer. Any thoughts
on this?

I might be getting somewhere.
Bob
 
Did you try creating the simple html page with a form post and do the
expirement i tried? Did you try Opera or Safari? In my situation, which is
very close to your problem, these two tests took away asp.net having any
involvement in my problem, and put all of the focus on the SSL acelerator
along with IE/Netscape on MAC being the real culprits, which the network
admins confirmed.
 
I tried Safari and it works fine with SSL, which makes me
think the problem is not asp.net. If that is true and the
problem is the SSL acelerator (I don't know what that is)
how could I fix it? Or is it possible?
Thanks,
Bob
 
I tried looking and looking and I have not found a resolution. Like I said
we have a admin waiting to hear from Cisco on this. It may be a firmware
bug, it may be an IE/Netscape Mac version bug???

The combination I had narrowed it done to is:

IE/Netscape + Macintosh + Form Post + SSL

Replace any one of the above and it works.

Opera/Safari + Macintosh + Form Post + SSL ->WORKS

IE/Netscape + Windows + Form Post + SSL -> WORKS

IE/Netscape + Macintosh + Form Get/Any HTTP Get + SSL -> WORKS

IE/Netscape + Macintosh + Form Post + NO SSL -> WORKS

IE/Netscape + Macintosh + Form Post + SSL -> BUG/ HANGS
 
Back
Top