annotate Sphinx/source/faq/authentication.rst @ 329:117be48706ba

merge
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 05 Mar 2020 09:55:00 +0100
parents c310a795c133
children 9e7c58e1725b
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
39
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1 .. _authentication:
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
2
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
3 How to authenticate users?
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
4 ==========================
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
5
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
6 Out of the box, the embedded Web server of Orthanc supports `HTTP
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 Basic access authentication
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8 <https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
9 configure user authentication for Orthanc, make sure to properly set
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
10 the following :ref:`configuration options <configuration>`:
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
11
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
12 * ``RemoteAccessAllowed`` to ``true``.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
13 * ``AuthenticationEnabled`` to ``true``.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
14 * In ``RegisteredUsers``, assign a username and a password to all your
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
15 users.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
16
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
17 Once a user has logged in, she will have full access, in read-write
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
18 mode, to all the features offered by the REST API of Orthanc. This
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
19 built-in mechanism might be of limited usefulness in enterprise
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 scenarios, for which you would need features such as:
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
22 * Fine-grained access to the REST resources (e.g. restrict the URIs
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
23 that are visible per user).
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
24 * Read-only access (i.e. limit full access to a short list of trusted
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
25 system administrators).
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
26 * Integration with an LDAP server.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
27 * Handling groups of users.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
28 * ...
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
29
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
30 Depending on your scenario, you can consider the following options:
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
31
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
32 * Implement a Lua callback to :ref:`filter incoming REST requests
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
33 <lua-filter-rest>`. This is the most simple solution, and would
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
34 notably allow you to implement read-only access or, more generally,
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
35 `access control lists
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
36 <https://en.wikipedia.org/wiki/Access_control_list>`__.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
37 * Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
38 ``OrthancPluginRegisterIncomingHttpRequestFilter()``. This solution
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
39 is potentially useful if you wish to integrate with an LDAP server.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
40 * Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`,
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
41 :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
42 authentication mechanisms of the main Web server.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
43 * Create a :ref:`new Web user interface <improving-interface>` on the
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
44 top of the REST API of Orthanc, using your favorite framework
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
45 (Meteor, AngularJS, Ember.js, Node.js...).
274
c310a795c133 auth-token in search params
amazy
parents: 39
diff changeset
46 * Pass an :ref:`authorization token <orthanc-explorer-authorization>`
c310a795c133 auth-token in search params
amazy
parents: 39
diff changeset
47 in the url search params when opening the Orthanc Explorer.