2008-12-18

ASP.NET Development Server Responds with 403 - Forbidden in Firefox

I've been working on an ASP.NET site for a few months that requires Windows Authentication, and it was working fine when running the site in the ASP.NET Development Server and accessing in Firefox.

That is, until today.

Today, it decided to start kicking back Forbidden messages every time I tried to access it. Why would it start doing that to me?

It turns out I had at some point told Firefox to remember the password for the site, then had to change my domain credentials after doing so. Since my saved password didn't match the new password, the site was forced to return a Forbidden. I would hope that Firefox would prompt me for a new password when the authentication failed, but it didn't.

So how do we get back to good in Firefox?
You have to go into the Saved Passwords settings in Firefox and remove the site from the list of passwords to store.

In Firefox 3:
Tools | Options
Click on the "Security" button on the ribbon at the top of the Options dialog
Firefox Security Options dialog
Click the "Saved Passwords..." button in the "Passwords" section of the "Security" tab.
Find the offending site in the "Saved Passwords" dialog and click the "Remove" button.
Firefox Saved Passwords dialog
Click "Close" on the "Saved Passwords" dialog.
Click "OK" on the Options dialog.
Open the site again and Firefox should prompt you for the new credentials.

Hope this helps!