Sharepoint FBA HTTP 403 forbidden error


  • Hi,

    I am using Sharepoint 2010 claims based authentication. As soon as i enter the user name and password, i am getting HTTP 403 forbidden error.

    I have added the web config enteries in 3 web config files as mentioned in the below article:




    this .userBO.CustomerName, false );



    this .userBO.CustomerName, false );

    Both statments are working fine and also I am able to search the user and I have added the user Role in the central admin web site.

    But i m getting the error.

    Log trace in 14 hive/ LOGS is

    System.ArgumentException: Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue    at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedSuffix)     at Microsoft.SharePoint.SPGlobal.CreateSPRequestAndSetIdentity(SPSite site, String name, Boolean bNotGlobalAdminCode, String strUrl, Boolean bNotAddToContext, Byte[] UserToken, String userName, Boolean bIgnoreTokenTimeout, Boolean bAsAnonymous)     at Microsoft.SharePoint.SPWeb.InitializeSPRequest()     at Microsoft.SharePoint.WebControls.SPControl.EnsureSPWebRequest(SPWeb web)     at Microsoft.SharePoint.WebControls.SPControl.SPWebEnsureSPControl(HttpContext context)     at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.GetContextWeb(HttpContext context)     at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PostResolveRequestCacheHandler(Object oSender, EventArgs ea)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Please help me.


    Wednesday, June 30, 2010 6:16 AM


  • Hi I got it resolved.

    1) Register membership provider in 3 web config files as mentioned in the below article. which i was doing.

    2) Step that i missed is to use new class for authentication and not the previous one Membership.validateUser().

    Now we have to use SPClaimsUtility.AuthenticateFormsUser(Request.Url,<username>,<Password>);

    This worked for me. The only problem with this method is it creates a persistant cookie on the client machine, so if user closed the browser, next time he will automatically logged in to the system. User needs to explicitly say sign out.



    • Marked as answer by Samagra Thursday, July 01, 2010 12:30 PM
    Thursday, July 01, 2010 12:30 PM

All replies