The <forms /> configuration section is usually edited inside the application's web.config. If you want to change the default predefined values, you configure a <forms /> section by specifying the name, path, login page, cookieless mode, authentication cookie time-out, sliding expiration, whether forms authentication requires SSL, and whether the authentication cookie is enabled for cross-application redirects. Although the application's web.config configuration file provides a very good IntelliSense to manipulate the different configuration sections, IIS 7.0, among the many new integration features with ASP.NET, provides a graphical user interface to edit the application's <forms /> authentication configuration section and some other configuration sections, too (SessionState is an example). To edit the <forms> authentication section, right-click on the FormsAuthenticationModule inside the Authentication applet window. Figure 6-4 shows the IIS 7.0 Windows Form used to edit the <forms /> section for an application.
As you can see, the entire <forms /> authentication configuration section is now editable through the IIS 7.0 Manager tool.