A 403 – Forbidden error after login in Microsoft Power Pages or Dynamics 365 Portals typically means the authenticated user doesn’t have permission to view the requested page or resource. This is often due to a misconfiguration of Web Roles, Entity Permissions, or Page Access Control Rules.
Let’s break this down step by step to help you identify and resolve the issue.
Step 1: Understand What 403 Forbidden Means
In Power Pages, a 403 error after login generally occurs because:
- The user is authenticated but not authorized to access the page or data.
- The page is restricted to specific web roles, and the logged-in user does not belong to any of those roles.
- Entity permissions are missing or not properly configured.
Step 2: Reproduce the Error
Before diving into a fix, try this:
- Login with the affected user account.
- Note the URL that triggers the 403 error.
- Check if it’s a custom page, dashboard, or CRUD-based list/form.
This helps narrow down whether it’s a page access issue or an entity permission issue.
Step 3: Verify Web Roles
A. Assign Correct Web Role to the Contact/User
- Go to Power Pages Admin Center or Dynamics 365 backend.
- Navigate to Contacts > Select the affected contact.
- Under Web Roles, ensure the contact is assigned a relevant web role:
- Example: Authenticated Users, Administrators, or your custom role.
- Save and try logging in again.
B. Confirm Web Role Has Necessary Access
- Go to Web Roles in Power Pages management app.
- Open the relevant role.
- Check that it is linked to:
- Page Permissions
- Entity Permissions (if applicable)
Step 4: Check Web Page Access Control Rules
- Open Web Pages from the management app.
- Locate the page showing the 403 error.
- Scroll to Access Control Rules:
- If the page has access control enabled, ensure that the required web role is listed under Web Roles.
- If not, the portal will block even authenticated users.
Tip: Try temporarily disabling access control to test if this is the cause.
Step 5: Check Entity Permissions (for data-related pages)
If the page involves a form, list, or custom component pulling from Dataverse tables, make sure:
- Entity Permission is created for the table (entity).
- The right privileges (Read, Create, Update, etc.) are set.
- The Scope (Global, Contact, Account, etc.) matches your use case.
- The permission is linked to the correct web role.
Example: If you’re showing a list of cases for a contact, and your entity permission is scoped to “Account,” but your contact is not associated to an account, the permission won’t apply.
Step 6: Check Web Page’s Parent Permissions
Sometimes the issue is not the page itself, but its parent page:
- If the parent page has access control and the current user cannot access it, the child page will also throw a 403 error.
- Ensure the entire hierarchy (Home > Dashboard > Target Page) is accessible to the user.
Step 7: Disable Caching (For Testing)
Power Pages can cache page-level permissions. To avoid confusion while troubleshooting:
- Go to Portal Management App.
- Navigate to Site Settings.
- Add or modify this setting:
- Name:
DisablePageOutputCache - Value:
true
- Name:
Then restart the portal for changes to take effect.
Step 8: Use Portal Diagnostics
Microsoft Power Pages include diagnostics:
- Go to:
https://yourportal.powerappsportals.com/_services/about - This will show enabled roles, entity permissions, and potential misconfigurations.
- You can also enable Trace Logs to see backend issues.
Step 9: Clear Browser Cache and Portal Cache
Sometimes, changes won’t reflect immediately. Do this:
- Clear your browser cache or try an incognito window.
- Restart the portal:
- Go to Power Apps Admin Center > Portal Management > Click your site > Click Restart.
Step 10: Set a Fallback Page
If the issue is intermittent, consider setting a default landing page after login that’s accessible by all authenticated users:
- Go to your Website record in the Portal Management app.
- Update Home Page or Sign-in redirect to a page with no access controls.