Mercurial > hg > orthanc-book
comparison Sphinx/source/faq/authentication.rst @ 39:87803e4e9c91
How to authenticate users?
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Tue, 16 Aug 2016 09:51:12 +0200 |
parents | |
children | c310a795c133 |
comparison
equal
deleted
inserted
replaced
38:2ee7f4462a6a | 39:87803e4e9c91 |
---|---|
1 .. _authentication: | |
2 | |
3 How to authenticate users? | |
4 ========================== | |
5 | |
6 Out of the box, the embedded Web server of Orthanc supports `HTTP | |
7 Basic access authentication | |
8 <https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To | |
9 configure user authentication for Orthanc, make sure to properly set | |
10 the following :ref:`configuration options <configuration>`: | |
11 | |
12 * ``RemoteAccessAllowed`` to ``true``. | |
13 * ``AuthenticationEnabled`` to ``true``. | |
14 * In ``RegisteredUsers``, assign a username and a password to all your | |
15 users. | |
16 | |
17 Once a user has logged in, she will have full access, in read-write | |
18 mode, to all the features offered by the REST API of Orthanc. This | |
19 built-in mechanism might be of limited usefulness in enterprise | |
20 scenarios, for which you would need features such as: | |
21 | |
22 * Fine-grained access to the REST resources (e.g. restrict the URIs | |
23 that are visible per user). | |
24 * Read-only access (i.e. limit full access to a short list of trusted | |
25 system administrators). | |
26 * Integration with an LDAP server. | |
27 * Handling groups of users. | |
28 * ... | |
29 | |
30 Depending on your scenario, you can consider the following options: | |
31 | |
32 * Implement a Lua callback to :ref:`filter incoming REST requests | |
33 <lua-filter-rest>`. This is the most simple solution, and would | |
34 notably allow you to implement read-only access or, more generally, | |
35 `access control lists | |
36 <https://en.wikipedia.org/wiki/Access_control_list>`__. | |
37 * Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the | |
38 ``OrthancPluginRegisterIncomingHttpRequestFilter()``. This solution | |
39 is potentially useful if you wish to integrate with an LDAP server. | |
40 * Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`, | |
41 :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the | |
42 authentication mechanisms of the main Web server. | |
43 * Create a :ref:`new Web user interface <improving-interface>` on the | |
44 top of the REST API of Orthanc, using your favorite framework | |
45 (Meteor, AngularJS, Ember.js, Node.js...). |