“Sign me in automatically” in Forms Authentication


Now this is not just limited to SharePoint, but, since my main focus is SharePoint, this is where I come across this issue the most. When you log in with SharePoint via Forms Based Authentication, there is that little “Sign me in automatically” checkbox below the FBA login form. If you check this, you may realize that a few hours later, when you go to log back into the site, it does not seem to actually remember you at all. That is because by default, it will only remember you for 30 minutes. We can change this quite easily however… This option is controlled within your web application configuration file (web.config) on the server.

If you open this file directly, search for <authentication mode=”Forms”> under <system.web>, you will see, by default, this:

<authentication mode="Forms">
<forms loginUrl="/_login/default.aspx" />

You can also look in IIS as well, under the Configuration Editor feature in the Management section of the web application



If we expand system.web, and click on authentication


Now, the two options we want to look at in here are timeout, and sliding expiration…


The definitions for both of these settings are below, taken from MSDN.

When the SlidingExpiration is set to true, the time interval during which the authentication cookie is valid is reset to the expiration Timeout property value. This happens if the user browses after half of the timeout has expired. For example, if you set an expiration of 20 minutes by using sliding expiration, a user can visit the site at 2:00 PM and receive a cookie that is set to expire at 2:20 PM. The expiration is only updated if the user visits the site after 2:10 PM. If the user visits the site at 2:09 PM, the cookie is not updated because half of the expiration time has not passed. If the user then waits 12 minutes, visiting the site at 2:21 PM, the cookie will be expired. (from: http://msdn.microsoft.com/en-us/library/system.web.configuration.formsauthenticationconfiguration.slidingexpiration.aspx)

The amount of time in minutes after which the authentication expires. The default value is 30 minutes. (from: http://msdn.microsoft.com/en-us/library/system.web.configuration.formsauthenticationconfiguration.timeout.aspx)

I suggest setting this to something much higher… if your users will generally log in once a month, setting this to a couple of months, will ensure they are remembered, and with sliding expiration configured, if they log in during the 3rd month, then the system will reset the time on that cookie, remembering them for another 3 months from that date. For sites which have users logging in less often, setting this to a year will be a decent bet that this will remember them for some time. A year in minutes would be: 525600

Hopefully this helps in your configuration of FBA for SharePoint, as well as other FBA applications.


PerfomancePoint Dashboard Designer “Code blocks are not allowed in this file”


If you are configuring PerformancePoint in SharePoint 2010, and you are attempting to launch the Dashboard Designer ClickOnce application from the Business Intelligence Center site you have created, you may encounter this error. Some books and blog posts on the subject of configuring and running PerformancePoint services do not seem to touch on this – SharePoint by default, does not allow in-page code.

To get around this, you will need to modify the web.config file for the web application in which PerformancePoint lives, by inserting the following code in the <SharePoint><SafeControls><PageParserPaths> section as shown below.

  <SafeMode MaxControls="200" CallStack="false" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false">
       <PageParserPath VirtualPath="/BICenter/Pages/ppssample.aspx" CompilationMode="Always" AllowServerSideScript="true" />

Where the VirtualPath listed above is the relative URL to the ppsample.aspx page within your BI Center.

%d bloggers like this: