SharePoint 2007 Forms Based Authentication and Check-Out

If you ever have had a scenario where you had a SharePoint site working with the Windows Authentication provider and had to turn on Forms Based Authentication, then you may begin to experience issues with checking out documents via Office (Microsoft Word as an example). It is not a widely documented configuration setting but enabling client side integration will fix the issue of checking out documents (see setting below). Credit for finding the setting goes to my mate, Simon Tyrrell :)

After configuring this setting, the larger authentication issue for MS Office still remains; after checking out the document, Office is not able to authenticate successfully unless persistent cookies are enabled. As you may know persistent cookies are enabled when a user clicks on the "Sign me in automatically" checkbox when they log in to SharePoint and these are stored on the users hard disk until they time out or the user erases them. If the user does not click the "Sign me in automatically" checkbox while logging in, session cookies are used and this essentially means that other than the client browser no other application can read the session cookie. The important takeaway here is that Office applications can only read persistent cookies.
Though the default timeout for peristent cookies is 30 minutes, the web.config file can be configured to set this to a longer time period. The web.config setting below demonstrates a timeout of 120 minutes or 2 hours. Another important note is that the moment the cookie expires, client side integration stops working and the user is prompted to enter credentials again.

To solve the issue, Microsoft have released an unwarranted custom httphandler that converts the Forms-based authentication (FBA) prompt originating from a client-side application (like MS Word; when client integration and FBA are enabled) and translates this to a Basic Authentication prompt. This allows the user to re-authenticate into SharePoint. Click here to download the httphandler.

Client-side Integration Setting (click for larger picture)