I am upgrading from the old SecureWebPages that automates the switching between Http and Https content via web.config.

For some strange reason, having contents like:

<link type="text/css" href="assets/css/style.css" rel="stylesheet" />

no longer automatically loads from the appropriate https location. The console in Google Chrome shows me this:

The page at https://website.com/UserAccess.aspx ran insecure content from http://website.com/assets/css/style.css.

This behavior didn't exist when I was using the older SecureWebPages. In the past the above CSS statement works fine without any errors.

My web.config:

<securitySwitch mode="RemoteOnly">
<paths>
  <add path="~/Register.aspx"/>
  <add path="~/SSL.Master"/>
</paths>

Is there anything wrong with my configurations? Please advise. Thanks!

You need to tell SecuritySwitch to ignore your CSS folder, or even your entire Assets folder if it contains images and the like as well. Here is a path you can add to the securitySwitch section for the assets folder.

<securitySwitch mode="RemoteOnly">
<paths>
  <add path="~/Register.aspx"/>
  <add path="~/assets/" security="Ignore"/>
</paths>
</securitySwitch>

This will tell SecuritySwitch to ignore the assets folder, and everything under it. Also, your path for the master file does nothing, since .master files are never served to a browser.

I hope this helps!