1

I used this PowerShell script to force the user to log in after one hour of inactivity:

    # Load the farm's Security Token Service configuration
    $sts = Get-SPSecurityTokenServiceConfig
    # Set the token and cookie lifetimes
    $sts.FormsTokenLifetime = (New-TimeSpan -Hours 1)
    $sts.WindowsTokenLifetime = (New-TimeSpan -Hours 1)
    $sts.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 1)
    $sts.CookieLifetime = (New-TimeSpan -Hours 1 -Minutes 1)
    $sts.CookieLifetimeRefreshWindow = (New-TimeSpan -Hours 1)
    # Save the changes, then restart IIS
    $sts.Update()
    iisreset

Here is the issue that I have: our application uses Windows and Forms authentication, and when I use a Windows account to log in, I occasionally get this exception:

    [InvalidOperationException: Operation is not valid due to the current state of the object.]
       Microsoft.SharePoint.Administration.Claims.SPClaimUserKeyUtility.GetUserKeyString(String value) +377
       Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String userNameSuffix) +178
       Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers) +850
       Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea) +424
       System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139
       System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +195
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +88

After looking at the SharePoint log file, I saw this message:

The value is neither a claim user name nor a claim user name suffix. Value: '...'.

Another way to reproduce this issue is to log in with a Windows account, sign out, log in again, and repeat these steps until you get that exception.

One solution was to remove Forms Auth, but the issue with that is the people picker won't show the Forms Auth users anymore.

Here are my questions:

  1. Is there any way to fix this issue?
  2. Can we update the Windows token before expiration time programmatically?
  3. Is there any way to use CookieLifetime for Forms Authentication users only?
  4. Is there any way to show Forms Auth users in the people picker without enabling Forms Auth?

I appreciate your help.

4
  • Generally one would not intermix FBA and Windows auth for the same user. Is this what you're doing, and if so, why? Commented Jan 6, 2019 at 22:24
  • Thank you for your comment, but no, that's not what I'm doing. This is happening when I'm using an AD user. Commented Jan 7, 2019 at 1:01
  • Can you please add your web.config for the FBA configuration? Commented Jan 7, 2019 at 1:02
  • I can, but do you think the FBA configuration is affecting the Windows users somehow? Because I'm not getting that error when I'm using an FBA user. Commented Jan 7, 2019 at 1:20
