Microsoft .net Security Warning : Never enter personal information or passwords

So I have an ASP.net application, with an ActiveX Control which brings up a pop up

• When I point to the application directly through IP there is no problem with the pop up eg. xxx.xxx.xxx.xxx/MyApp (under Default Website in the IIS -- IIS 7)
• Problem arises when I set up the IIS to point it to a domain xxx.xxxxx.com which points to the above IP (under another "Site" i.e. not the "D开发者_如何学编程efault Site in IIS 7)

I then get this weird

Microsoft .net Security Warning Never enter personal information or passwords into a window unless you can verify and trust the source of the request.

Source: xxx.xxxxxx.com

The site is in the trusted list -- just like when I was using the IP only . Is there any setting in the IIS I need to tweak for IE to trust me fully.

Ok, this was interesting me, so I di waht you should have done - google with the message.Got a ton of crappy ansers, but in this i found some explanations:

http://www.codeproject.com/Messages/2882928/how-can-i-suppress-Microsoft-NET-security-warning-.aspx

Basically, you can't disable the warning. You have no control over it at all. The only thign you CAN do is rewrite your control so your code doesn't trip the warning. Your control is doing something, or using something, that is not allowed in the restricted sandbox of the web browser.

So, it is about things you do in the control.

Thhere is a link to a MS support case:

http://support.microsoft.com/?scid=kb%3Ben-us%3B820637&x=8&y=12

But I am not sure it is so helpfull.

Sadly this is all information I did come along with. Is the control digitally signed and the signature trusted by the users?

Oh... and then there is:

http://www.ms-news.net/f1094/net-2-0-apps-think-theyre-being-run-internet-but-theyrebeing-run-intranet-6884147.html

which can relally be it.

Do you happen to use fully qualified domain names to reference the remote machine (ex: server.domain.local)? If so, does the problem go away if you use just the netbios name (server).

Solutions provided, included a link to the relevant MS documentation.

Check your IE GPO's. It has to do with the site being in the Trusted Sites secuirty zone. We had the same issue when using the FQDN of the site. We had something like *.domain.local go to trusted sites. Thats why when you used the server alias or IP address it would work (unless the GPO was also applied to that).

I'm experiencing the same security warning with a clickonce application. Check out the documentation for the UIPermissionWindow. I got rid of the warning by setting the following permission in the application manifest:

<IPermission class="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Window="AllWindows" Clipboard="OwnClipboard" />

I wasn't to happy with solving it this way, I really wanted to run the app with the default Internet zone permissions. I have a theory that there might be some reverse DNS lookup issues causing this behaviour, the documentation states:

Will show the DNS name or IP address of the Web site from which the application was loaded in its title bar.

My application is published at http://transformtool.codeplex.com, but a reverse lookup yields *.codeplex.com. I have a feeling that this might be a problem. Are you running several domain names on the same IP?