Mercurial > hg > orthanc-book
annotate Sphinx/source/faq/authentication.rst @ 1113:a588960a72e5 default tip
spelling
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Mon, 28 Oct 2024 09:23:08 +0100 |
parents | 9e7c58e1725b |
children |
rev | line source |
---|---|
39
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
1 .. _authentication: |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
2 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
3 How to authenticate users? |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
4 ========================== |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
5 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
6 Out of the box, the embedded Web server of Orthanc supports `HTTP |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
7 Basic access authentication |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
8 <https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
9 configure user authentication for Orthanc, make sure to properly set |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
10 the following :ref:`configuration options <configuration>`: |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
11 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
12 * ``RemoteAccessAllowed`` to ``true``. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
13 * ``AuthenticationEnabled`` to ``true``. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
14 * In ``RegisteredUsers``, assign a username and a password to all your |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
15 users. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
16 |
650 | 17 **Important:** Make sure to read the FAQ about :ref:`how to secure |
18 Orthanc <security>`. | |
19 | |
39
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
20 Once a user has logged in, she will have full access, in read-write |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
21 mode, to all the features offered by the REST API of Orthanc. This |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
22 built-in mechanism might be of limited usefulness in enterprise |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
23 scenarios, for which you would need features such as: |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
24 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
25 * Fine-grained access to the REST resources (e.g. restrict the URIs |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
26 that are visible per user). |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
27 * Read-only access (i.e. limit full access to a short list of trusted |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
28 system administrators). |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
29 * Integration with an LDAP server. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
30 * Handling groups of users. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
31 * ... |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
32 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
33 Depending on your scenario, you can consider the following options: |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
34 |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
35 * Implement a Lua callback to :ref:`filter incoming REST requests |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
36 <lua-filter-rest>`. This is the most simple solution, and would |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
37 notably allow you to implement read-only access or, more generally, |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
38 `access control lists |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
39 <https://en.wikipedia.org/wiki/Access_control_list>`__. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
40 * Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the |
650 | 41 ``OrthancPluginRegisterIncomingHttpRequestFilter()``, or a |
42 :ref:`Python plugin <python_authorization>` that uses | |
43 ``orthanc.RegisterIncomingHttpRequestFilter()``. This solution is | |
44 potentially useful if you wish to integrate with an LDAP server. | |
39
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
45 * Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`, |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
46 :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
47 authentication mechanisms of the main Web server. |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
48 * Create a :ref:`new Web user interface <improving-interface>` on the |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
49 top of the REST API of Orthanc, using your favorite framework |
87803e4e9c91
How to authenticate users?
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
50 (Meteor, AngularJS, Ember.js, Node.js...). |
274 | 51 * Pass an :ref:`authorization token <orthanc-explorer-authorization>` |
52 in the url search params when opening the Orthanc Explorer. |