Mercurial > hg > orthanc-book
annotate Sphinx/source/faq/authentication.rst @ 329:117be48706ba
merge
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 05 Mar 2020 09:55:00 +0100 |
parents | c310a795c133 |
children | 9e7c58e1725b |
rev | line source |
---|---|
39
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
1 .. _authentication: |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
2 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
3 How to authenticate users? |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
4 ========================== |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
5 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
6 Out of the box, the embedded Web server of Orthanc supports `HTTP |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
7 Basic access authentication |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
8 <https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
9 configure user authentication for Orthanc, make sure to properly set |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
10 the following :ref:`configuration options <configuration>`: |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
11 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
12 * ``RemoteAccessAllowed`` to ``true``. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
13 * ``AuthenticationEnabled`` to ``true``. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
14 * In ``RegisteredUsers``, assign a username and a password to all your |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
15 users. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
16 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
17 Once a user has logged in, she will have full access, in read-write |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
18 mode, to all the features offered by the REST API of Orthanc. This |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
19 built-in mechanism might be of limited usefulness in enterprise |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
20 scenarios, for which you would need features such as: |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
21 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
22 * Fine-grained access to the REST resources (e.g. restrict the URIs |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
23 that are visible per user). |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
24 * Read-only access (i.e. limit full access to a short list of trusted |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
25 system administrators). |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
26 * Integration with an LDAP server. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
27 * Handling groups of users. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
28 * ... |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
29 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
30 Depending on your scenario, you can consider the following options: |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
31 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
32 * Implement a Lua callback to :ref:`filter incoming REST requests |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
33 <lua-filter-rest>`. This is the most simple solution, and would |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
34 notably allow you to implement read-only access or, more generally, |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
35 `access control lists |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
36 <https://en.wikipedia.org/wiki/Access_control_list>`__. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
37 * Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
38 ``OrthancPluginRegisterIncomingHttpRequestFilter()``. This solution |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
39 is potentially useful if you wish to integrate with an LDAP server. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
40 * Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`, |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
41 :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
42 authentication mechanisms of the main Web server. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
43 * Create a :ref:`new Web user interface <improving-interface>` on the |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
44 top of the REST API of Orthanc, using your favorite framework |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
45 (Meteor, AngularJS, Ember.js, Node.js...). |
274 | 46 * Pass an :ref:`authorization token <orthanc-explorer-authorization>` |
47 in the url search params when opening the Orthanc Explorer. |