First off, I haven’t forgotten about finishing the Amazon S3 post; I’ve just been sidetracked by a rather frustrating problem that I’m hoping someone can help me with:
Does anyone know how to work around Internet Explorer Protected Mode limitations without requiring the end-user to add our site to the Trusted Sites list?
The problem is that if we enable SSL logins for our site, they can only access SSL pages. IE prevents our non-SSL served pages from accessing the cookie created during the SSL session, so we can either serve everything via SSL (very expensive/resource-intensive), or find some way to set an SSL *and* non-SSL cookie during the login process.
This MSDN article (What does ielowutil.exe have to do with Internet Explorer 8.0?) has the most relevant information I’ve found yet, but it discusses using Windows APIs, and I’m looking for a solution I can implement with ASP.NET, JavaScript, or some other well-delivered solution.
For what it’s worth, I’ve also posted this question (in a much less verbose form) to my Twitter feed here: http://twitter.com/#!/willwm/status/90588135175626752 — feel free to reply to my Twitter post, or this blog post.
Thank you!
Update #1: I’ve also posted this question to Stack Overflow as well:
http://stackoverflow.com/questions/6658620/ie-protected-mode-ssl-login-no-cookie-for-non-ssl-pages
Update #2: A friend of mine shared these links, hopefully they’ll help:
Williamo's Blog 
You should check to see with the SECURE attribute is being set on your cookies (use the F12 developer tools or Fiddler). If it is, you’ll see this behavior on ALL browsers.
If not, then the problem is quite likely that you have in the Trusted Zone and http://whatever.com isn’t also in the Trusted Zone. If that’s your configuration, then yes, Protected Mode is the root cause of the issue, which I’ve explained much more completely here:
http://blogs.msdn.com/b/ieinternals/archive/2011/03/10/internet-explorer-beware-cookie-sharing-in-cross-zone-scenarios.aspx
Thank you!