403 Forbidden error
There are a limited number of reasons you would get a 403 Forbidden error.
The page does not physically exist using the url provided. The security runs before the existence of the physical page is even checked. If security is on and you are calling a page, the error will occur is the page if not listed as allowed or requiring login. If the page address is wrong, it isn't listed in security and therefore blocked.
If you suspect this is the problem, try turning security off in the settings, publish the settings and try again. If the address was wrong, you will get a page not found error if the security is off.
If Security is enabled, by default, all components, pages, reports, directories, etc, are set to deny access by default. If the page, component, report, etc has been published but cannot be accessed, verify that the security permissions for the component, report, page, etc, have been changed to either require login or always allow access.
Security restrictions also apply to directories. To configure the security for a specific directory, the folder must be added to the workspace. After it has been added, security permissions can be configured for the directory.
The security system will explicitly deny access to folders or file types that are not configured to allow access. If you cannot access files of a specific type (e.g. .xml), check to make sure that the file extensions has been configured to allow access.
Some security files are actually missing. The settings and security guid fields are automatically published, but the security data files must be explicitly published. If they were not published, you will get the error. This typically only occurs after the first publish. If the app was previously published to the target, the files should be there unless someone manually deleted them.
Each project must have a unique guid in the guid.SecuritySettings file (found in the webroot of a published application.) If two projects published on the same server have the same guid, only the first opened will work. The second will return the 403 error as the guid is already in use. This can happen if you publish to one location, and then republish to another. In that case, if the first publish was in error and those files have been removed, you can shut down the Alpha Anywhere program (or server program) and restart. Stopping and restarting the server alone will NOT clear the error.
If you copy a published project's webroot from one folder to another, do not copy the guid.SecuritySettings file. THe guid.SecuritySettings file will be automatically recreated on any publish if it is missing. If you think you may have published to multiple locations, just delete the guid.SecuritySettings file in the webroot and republish. Alpha Anywhere will generate and publish a new guid.SecuritySettings file which will be used for the security.