annotate Sphinx/source/faq/authentication.rst @ 660:a6e371768a70

dicom-as-json
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 29 Apr 2021 12:41:31 +0200
parents 9e7c58e1725b
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
39
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1 .. _authentication:
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
2
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
3 How to authenticate users?
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
4 ==========================
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
5
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
6 Out of the box, the embedded Web server of Orthanc supports `HTTP
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 Basic access authentication
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8 <https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
9 configure user authentication for Orthanc, make sure to properly set
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
10 the following :ref:`configuration options <configuration>`:
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
11
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
12 * ``RemoteAccessAllowed`` to ``true``.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
13 * ``AuthenticationEnabled`` to ``true``.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
14 * In ``RegisteredUsers``, assign a username and a password to all your
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
15 users.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
16
650
9e7c58e1725b authentication.rst
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 274
diff changeset
17 **Important:** Make sure to read the FAQ about :ref:`how to secure
9e7c58e1725b authentication.rst
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 274
diff changeset
18 Orthanc <security>`.
9e7c58e1725b authentication.rst
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 274
diff changeset
19
39
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 Once a user has logged in, she will have full access, in read-write
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21 mode, to all the features offered by the REST API of Orthanc. This
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
22 built-in mechanism might be of limited usefulness in enterprise
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
23 scenarios, for which you would need features such as:
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
24
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
25 * Fine-grained access to the REST resources (e.g. restrict the URIs
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
26 that are visible per user).
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
27 * Read-only access (i.e. limit full access to a short list of trusted
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
28 system administrators).
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
29 * Integration with an LDAP server.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
30 * Handling groups of users.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
31 * ...
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
32
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
33 Depending on your scenario, you can consider the following options:
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
34
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
35 * Implement a Lua callback to :ref:`filter incoming REST requests
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
36 <lua-filter-rest>`. This is the most simple solution, and would
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
37 notably allow you to implement read-only access or, more generally,
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
38 `access control lists
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
39 <https://en.wikipedia.org/wiki/Access_control_list>`__.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
40 * Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the
650
9e7c58e1725b authentication.rst
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 274
diff changeset
41 ``OrthancPluginRegisterIncomingHttpRequestFilter()``, or a
9e7c58e1725b authentication.rst
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 274
diff changeset
42 :ref:`Python plugin <python_authorization>` that uses
9e7c58e1725b authentication.rst
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 274
diff changeset
43 ``orthanc.RegisterIncomingHttpRequestFilter()``. This solution is
9e7c58e1725b authentication.rst
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 274
diff changeset
44 potentially useful if you wish to integrate with an LDAP server.
39
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
45 * Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`,
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
46 :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
47 authentication mechanisms of the main Web server.
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
48 * Create a :ref:`new Web user interface <improving-interface>` on the
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
49 top of the REST API of Orthanc, using your favorite framework
87803e4e9c91 How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
50 (Meteor, AngularJS, Ember.js, Node.js...).
274
c310a795c133 auth-token in search params
amazy
parents: 39
diff changeset
51 * Pass an :ref:`authorization token <orthanc-explorer-authorization>`
c310a795c133 auth-token in search params
amazy
parents: 39
diff changeset
52 in the url search params when opening the Orthanc Explorer.