403 errors when accessing management pages

Sep 15, 2011 at 6:56 PM

I've installed the FBA Pack solution and activated the feature on my site.  I had some trouble getting the Deploy script to work so I had to install manually, but everything appears to be where it should be and I don't show any obvious errors.

When I attempt to Add or Modify a User or Role I get a 403 access denied message.  Double checking the permissions on the FBA/Management folder security is inheriting from its parent and I can open the Display.aspx pages in the same folder.  I am trying to access while logged in as the site collection admin.

In addition I'm unable the management webparts (Change Password, Membership Request, Password Recovery) to a page, as soon as I do I get the same 403 error. 

Thanks.

Coordinator
Sep 16, 2011 at 2:18 AM

I haven't heard of this before. Did you get the 403's at all before the FBA Pack was added?  Can you get the list of users in FBA User Management, or use any of the functionality? Or does EVERYTHING FBA Pack related return a 403?

Can you check your SharePoint log files at the time you get a 403 and see what gets logged.  Hopefully there'll be a clue in there as to what's going on.

Sep 16, 2011 at 11:20 AM

This is a fresh install, but everything else works on the site.  I am able to get to the 4 FBA management pages from Site Settings, the user list, etc.  I can't get to the edit or add pages though and adding one of the webparts causes a 403 as well.  So it's not an issue with the entire FBA directory security and I verified that all the pages under FBA have the same NTFS security. 

The IIS logs show the 403 - the Sharepoint logs show the attempted request but I don't see any errors there.

2011-09-16 11:03:55 192.168.1.202 GET / - 80 - 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 403 0 0 1225

2011-09-16 11:03:55 192.168.1.202 GET /_layouts/Authenticate.aspx Source=%2F 80 - 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 302 0 0 305

2011-09-16 11:04:00 192.168.1.202 GET /_login/default.aspx ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F 80 - 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 200 0 0 5021

2011-09-16 11:04:02 192.168.1.202 GET /_forms/default.aspx ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F 80 - 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 200 0 0 59

2011-09-16 11:04:02 192.168.1.202 POST /_login/default.aspx ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F 80 - 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 302 0 0 222

2011-09-16 11:04:08 192.168.1.202 POST /_forms/default.aspx ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F 80 - 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 302 0 0 1919

2011-09-16 11:04:08 192.168.1.202 GET /_layouts/Authenticate.aspx Source=%2F 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 302 0 0 57

2011-09-16 11:04:08 192.168.1.202 GET / - 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 200 0 0 209

2011-09-16 11:04:12 192.168.1.202 GET /SitePages/Home.aspx - 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 200 0 0 3737

2011-09-16 11:04:24 192.168.1.202 GET /_layouts/settings.aspx - 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 200 0 0 185

2011-09-16 11:04:26 192.168.1.202 GET /_layouts/FBA/Management/FBASiteConfiguration.aspx - 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 200 0 0 518

2011-09-16 11:04:30 192.168.1.202 GET /_layouts/FBA/Management/UsersDisp.aspx - 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 200 0 0 250

2011-09-16 11:04:32 192.168.1.202 GET /_layouts/FBA/Management/UserEdit.aspx UserName=username 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 403 0 0 153

2011-09-16 11:06:11 fe80::b836:2925:6c0:fe2c%11 GET /_vti_bin/sitedata.asmx - 80 - fe80::b836:2925:6c0:fe2c%11 Mozilla/4.0+(compatible;+MSIE+4.01;+Windows+NT;+MS+Search+6.0+Robot) 200 0 0 7

2011-09-16 11:06:11 fe80::b836:2925:6c0:fe2c%11 POST /_vti_bin/sitedata.asmx - 80 - fe80::b836:2925:6c0:fe2c%11 Mozilla/4.0+(compatible;+MSIE+4.01;+Windows+NT;+MS+Search+6.0+Robot) 401 0 0 8

2011-09-16 11:08:13 192.168.1.202 GET /_layouts/FBA/Management/UserEdit.aspx UserName=username 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 403 0 0 459

2011-09-16 11:08:16 192.168.1.202 GET /_layouts/FBA/Management/UserEdit.aspx UserName=username 80 0#.f|fbamembershipprovider|username 192.168.1.146 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/5.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+MS-RTC+EA+2;+InfoPath.3;+MS-RTC+LM+8) 403 0 0 29

 

Sharepoint log

09/16/2011 06:08:13.03 w3wp.exe (0x0220)                       0x0C60  SharePoint Foundation                 Monitoring                                   nasq      Medium              Entering monitored scope (Request (GET:http://spextranet:80/_layouts/FBA/Management/UserEdit.aspx?UserName=username))              

09/16/2011 06:08:13.03 w3wp.exe (0x0220)                       0x0C60  SharePoint Foundation                 Logging Correlation Data                     xmnv     Medium              Name=Request (GET:http://spextranet:80/_layouts/FBA/Management/UserEdit.aspx?UserName=username) b2b05e58-79be-49f7-abc2-5ef1a40090f7

09/16/2011 06:08:13.42 w3wp.exe (0x0220)                       0x0C60  SharePoint Foundation                 Logging Correlation Data                     xmnv     Medium              Site=/    b2b05e58-79be-49f7-abc2-5ef1a40090f7

09/16/2011 06:08:13.49 w3wp.exe (0x0220)                       0x0C60  SharePoint Foundation                 Monitoring                        b4ly                Medium              Leaving Monitored Scope (Request (GET:http://spextranet:80/_layouts/FBA/Management/UserEdit.aspx?UserName=username)). Execution Time=459.541086925852               b2b05e58-79be-49f7-abc2-5ef1a40090f7

09/16/2011 06:08:16.35 w3wp.exe (0x0220)                       0x0FD4 SharePoint Foundation                 Monitoring                                   nasq      Medium              Entering monitored scope (Request (GET:http://spextranet:80/_layouts/FBA/Management/UserEdit.aspx?UserName=username))              

09/16/2011 06:08:16.35 w3wp.exe (0x0220)                       0x0FD4 SharePoint Foundation                 Logging Correlation Data                     xmnv     Medium              Name=Request (GET:http://spextranet:80/_layouts/FBA/Management/UserEdit.aspx?UserName=username) bc2688a9-f569-4912-8ff8-0ff22738856a

09/16/2011 06:08:16.35 w3wp.exe (0x0220)                       0x0FD4 SharePoint Foundation                 Logging Correlation Data                     xmnv     Medium              Site=/    bc2688a9-f569-4912-8ff8-0ff22738856a

09/16/2011 06:08:16.37 w3wp.exe (0x0220)                       0x0FD4 SharePoint Foundation                 Monitoring                        b4ly                Medium              Leaving Monitored Scope (Request (GET:http://spextranet:80/_layouts/FBA/Management/UserEdit.aspx?UserName=username)). Execution Time=27.6023908066528               bc2688a9-f569-4912-8ff8-0ff22738856a

Sep 16, 2011 at 11:40 AM

Slight update, I am having some 403 trouble with a couple pages outside of FBA. 

I seem to have access to everything under People and Groups.  I was able to add my FBA account into the Owners group and I verified that the account shows as a Site Collection admin, but in the Site Permissions area I am unable to Grant Permissions, Create Group, Edit or Remove User Permissions, selecting any of those options brings me to a 403 error page.

Coordinator
Sep 16, 2011 at 12:42 PM

I think something's up with the SharePoint installation - because even if you don't have access to a page you shouldn't get a 403.  You should get a special SharePoint "Access Denies/Request Access" page.

Sep 16, 2011 at 12:51 PM

Yeah, I agree.  I'll keep digging and post back here if I figure it out.  Thanks.