Module inheritance madness: How to configure a "chain" of modules?

Topics: Core, Customizing Orchard, General, Troubleshooting, Writing modules
Dec 3, 2013 at 8:45 AM
We are using this module: RealtyShares.SessionTimeout.
That module works fine. We are able to configure the session timeout and it works.

Now we want to use Active Directory accounts to sign in. So we enabled AlexZh.WindowsAuthentication. However, the authentication service inside the WindowsAuthentication module is not being used; it's still using the formsauthentication module.

How can we use multiple modules and achieve our goal? Or how can we somehow set the chain to be used?

  • Set session timeout to 10 minutes. Client wants to be able to configure this.
  • Login using Active Directory accounts.
  • If the client is on premise, he should be automatically logged on, since he is logged on to his Windows machine, using Active Directory.
Dec 3, 2013 at 8:50 AM
I am not familiar with either of those modules, and you might want to contact their authors. If the WindowsAuthentication module is implemented correctly, it should suppress Orchard's implementation.
Dec 3, 2013 at 8:59 AM
It does. But in this case, I have 2 modules turned on:
RealtyShares.SessionTimeout (which makes the session timeout configurable)
AlexZh.WindowsAuthentication (which makes Windows authentication possible)

The RealtyShares.SessionTimeout suppresses Orchard's implementation

The AlexZh.WindowsAuthentication suppresses Orchard's implementation too! But it shouldn't, it should suppress RealtyShares implementation. Or something.
Dec 3, 2013 at 10:12 AM
Ah I see. So essentially what you need is to first execute the SessionTimeout logic, and if the session is not timed out, execute the WindowsAuthentication logic. Essentially you would need some sort of authentication processing pipeline, implementing some sort of chain of responsibility pattern.

Perhaps the easiest way to achieve your goal is to implement your own authentication provider, which contains both SessionTimeout and WindowsAuthentication. Your implementation would then first call into SessionTimeout, and if that succeeds, into WindowsAuthentication.