First off, I haven’t forgotten about finishing the Amazon S3 post; I’ve just been sidetracked by a rather frustrating problem that I’m hoping someone can help me with:
Does anyone know how to work around Internet Explorer Protected Mode limitations without requiring the end-user to add our site to the Trusted Sites list?
The problem is that if we enable SSL logins for our site, they can only access SSL pages. IE prevents our non-SSL served pages from accessing the cookie created during the SSL session, so we can either serve everything via SSL (very expensive/resource-intensive), or find some way to set an SSL *and* non-SSL cookie during the login process.
For what it’s worth, I’ve also posted this question (in a much less verbose form) to my Twitter feed here: http://twitter.com/#!/willwm/status/90588135175626752 — feel free to reply to my Twitter post, or this blog post.
Update #1: I’ve also posted this question to Stack Overflow as well:
Update #2: A friend of mine shared these links, hopefully they’ll help:
You should check to see with the SECURE attribute is being set on your cookies (use the F12 developer tools or Fiddler). If it is, you’ll see this behavior on ALL browsers.
If not, then the problem is quite likely that you have in the Trusted Zone and http://whatever.com isn’t also in the Trusted Zone. If that’s your configuration, then yes, Protected Mode is the root cause of the issue, which I’ve explained much more completely here: