403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied

Question

I have my website. First time I can successfully login.

Default address:

www.abc.com

I typed this on browser and I redirected to my login page:

www.abc.com/pages/landingpage.aspx

I entered my login credential and log into the site.

After some time I opened a new tab and enter my website address

www.abc.com

Now it gives me an error:

403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

The whole story is this: if I am not logged on my site, then I can open my site number of tabs and browsers. But as soon as I logged in my site, I am getting the error above.

 <authentication mode="Forms">
  <forms name="MMFormAUTH" loginUrl="Pages/LandingPage.aspx" defaultUrl="Pages/LandingPage.aspx" timeout="60" protection="All" slidingExpiration="true" enableCrossAppRedirects="false" requireSSL="false" />
</authentication>
<authorization>
  <deny users="?" />
</authorization>
<sessionState cookieless="false" cookieName="abc" mode="InProc" timeout="60">
</sessionState>
<httpRuntime maxRequestLength="1000240" executionTimeout="120" />

I am using forms authentication and already added default page to my site. — vikas, Oct 15 '12 at 09:48

score 12 · Accepted Answer · answered Oct 15 '12 at 10:05

12

Try this

 <allow  users="?" />

Now you are using <deny users="?" /> that means you are not allowing authenticated user to use your site.

authorization Element

answered Oct 15 '12 at 10:05

Amit

21,570
27
74
94

As soon as you login, you become authentic and at the same time you set authorization deny. That is why you are able to login first time but not after that. – Amit Oct 15 '12 at 10:10
Any way first try my code then tell me are you able to solve your problem? – Amit Oct 15 '12 at 10:13
should i use – vikas Oct 15 '12 at 10:42
@vikas : * will allow every user if he authenticated or not. Are you still stuck with the problem? – Amit Oct 15 '12 at 11:17
It seems that your `LandingPage.aspx` is in `Pages` folder. In that case you should add other config file to this folder. – Amit Oct 15 '12 at 11:28

score 12 · Answer 2 · answered Jan 18 '13 at 20:07

I had the same problem. It turned out that I didn't specify a default page and I didn't have any page that is named after the default page convention (default.html, defult.aspx etc). As a result, ASP.NET doesn't allow the user to browse the directory (not a problem in Visual Studio built-in web server that allows you to view the directory) and shows the error message. To fix it, I added one default page in Web.Config and it worked.

<system.webServer>
    <defaultDocument>
        <files>
            <add value="myDefault.aspx"/>
        </files>
    </defaultDocument>
</system.webServer>

score 2 · Answer 3 · edited Jun 16 '21 at 10:35

2

If your using MVC in your project you must use:

routes.IgnoreRoute("");

More here.

ASP.NET MVC not serving default document

edited Jun 16 '21 at 10:35

Hakan Fıstık

16,800
14
110
131

answered Aug 06 '14 at 20:46

Eric Wild

641
5
12

score 2 · Answer 4 · answered Feb 01 '20 at 04:07

You can get the same error in Asp.net MVC5 if you have a class name and a folder with a matching name Example : If you have class lands where when you want to see view/lands/index.cshtml file, if you also have a folder with name 'lands' you get the error as it first try the lands folder

score 2 · Answer 5 · edited May 31 '20 at 20:27

2

Resolution for 404 Forbidden in recent .Net 4.7 MVC/webform pplication hosting in Azure VM We need to install the .Net 4.7 and extensibilty and development in server role other than the .Net 4.7/version feature as below: This might have been alreday activated .Net Activated feature

We need to also add the below under IIS webserver role-> Application Development -> select the .Net version as below Image to Activate the requited Role under IIS webserver Role Server Role Activation under application Development

edited May 31 '20 at 20:27

Wai Ha Lee

8,598
83
57
92

answered May 31 '20 at 19:59

Himanjan

21
2

Got me a couple of times this one (and half a day wasted each time) - my option was net 4.6 dev. – bendecko Aug 11 '20 at 19:21

score 0 · Answer 6 · edited Feb 27 '15 at 19:39

0

In my case, the issue was new sites had an implicit deny of all IP addresses unless an explicit allow was created. To fix: Under the site in Features View: Under the IIS Section > IP Address and Domain Restrictions > Edit Feature Settings > Set 'Access for unspecified clients:' to 'Allow'

edited Feb 27 '15 at 19:39

Community

1
1

answered Feb 27 '15 at 15:05

Ken

1
1

score 0 · Answer 7 · answered Apr 11 '15 at 06:52

0

<configuration>
 <location path="Path/To/Public/Folder">
  <system.web>
     <authorization>
        <allow users="?"/>
     </authorization>
  </system.web>
 </location>
</configuration>

answered Apr 11 '15 at 06:52

Musakkhir Sayyed

7,012
13
42
65

403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied

7 Answers7

Linked