I am using ASP.NET Master Pages. I am using a slide-down div that asks the user to log in or register. I would like to HTTPS this div area of the page and not the whole page. This area shows up in all pages since it's part of the master page.

  1. Does anyone know if this is possible?
  2. If so, can you direct me to samples and sample code?

Thank you in advance!

A: 

The content will have to be part of a completely separate http request. There are a few ways to do that; if push comes to shove, you could always put it in an iframe.

Joel Coehoorn
A: 

You can make the whole page secure, or you can, as said before, put it in an iframe, or use a secure HTTP AJAX request (although I'm pretty sure the browser won't see the page as encrypted). You would probably be fine sending the form to a secure action URL; however, the browser won't show the page as 'secure' until the form is sent.

CodeJoust
+3  A: 

Does anyone know if this is possible

Well yeah, you can put an HTTPS document in an iframe on an unprotected document if you want. But there's absolutely no point.

There is no browser interface visible to let the user know that the contents of the iframe come from HTTPS. A man-in-the-middle attacker could easily change the src of the ‘secure’ iframe to point to their own ‘evil’ iframe; the result would be completely indistinguishable to the user (unless they inspected the HTML source thoroughly, which isn't going to happen).

So though your login submission may be going through HTTPS in the normal course of things, you have actually gained nothing from that.

Users should never be given a ‘secure’ login on a page that isn't itself completely served through HTTPS (getting the browser lock icon). If you want a drop-down login on every HTTP page you can have that, but there must be a warning on the drop-down that it may not be secure, and a link to an HTTPS page from which they can then log in properly.

bobince
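The condition the last answer warns about can be checked mechanically. The following is an added example, not code from any of the answers: it audits a page's markup and flags password fields and HTTPS iframes delivered inside a non-HTTPS page, even when the form itself posts to HTTPS. The URLs, the sample markup and the finding names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a master-page login panel that posts to HTTPS.
SAMPLE_HTML = """
<div id="login-slide">
  <form action="https://www.example.com/Account/Login.aspx" method="post">
    <input type="text" name="user">
    <input type="password" name="pass">
  </form>
  <iframe src="https://www.example.com/Account/LoginFrame.aspx"></iframe>
</div>
"""


class LoginSurfaceAudit(HTMLParser):
    """Flag login elements whose safety depends on how the parent page was served."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_is_https = urlparse(page_url).scheme == "https"
        self.findings = []
        self._form_action = None  # resolved action of the enclosing form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing action means the form posts back to the page URL.
            self._form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "iframe" and not self.page_is_https:
            src = urljoin(self.page_url, a.get("src") or "")
            if urlparse(src).scheme == "https":
                # The framing page can be altered in transit, so the src is untrusted.
                self.findings.append(("https-iframe-on-http-page", src))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if not self.page_is_https:
                self.findings.append(("password-field-on-http-page", self.page_url))
            action = self._form_action or self.page_url
            if urlparse(action).scheme != "https":
                self.findings.append(("credentials-posted-over-http", action))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None


def audit(page_url, html):
    parser = LoginSurfaceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run against the same markup, `audit("http://www.example.com/Default.aspx", SAMPLE_HTML)` reports both the password field and the iframe, while the `https://` form of that URL reports nothing.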