Asp.Net Web API Cookie Expiration on shared hosting env

Question

I am new to the asp.net web api and facing below problem.

1- I am having a website which is hosted on a shared hosting env(GoDaddy). Server is written in the Asp.Net Web Api. Client is written in HTML and communicating via ajax requests. This application is totally session less but sends cookie to the browser and expects a cookie back on each subsequent requests. IIS version is 7

2- For authentication purpose , I am using FormsAuthentication

FormsAuthentication.SetAuthCookie(model.Username, false); 

3- I have specified time out settings in web.config as below

 <authentication mode="Forms">
  <forms loginUrl="~/" timeout="2880"
   slidingExpiration="true"  />
</authentication>

4- I am using Default Authorize filer on certain actions to disallow anonymous access on certain actions

Question

1 -now as timeout is set for 2 days but i am getting HTTP 401 error after 20 to 30 mins of inactivity , my impression with slidingExpiration is that within 2 days if user do something on website , its timeout will be renewed but if somehow user does something on protected actions after 20 or 30 mins then 401 error is raised.

2- Browser presents the default logon box but if i provide credentials in the default logon box (after 401 is raised), how to handle logon process in the asp.net webapi.

Answer 1

I have figured it out with the help of below answer so it was the machineKey which is used to generate authkey.