comparison Sphinx/source/faq/authentication.rst @ 39:87803e4e9c91

How to authenticate users?
author Sebastien Jodogne <s.jodogne@gmail.com>
date Tue, 16 Aug 2016 09:51:12 +0200
parents
children c310a795c133
comparison
equal deleted inserted replaced
38:2ee7f4462a6a 39:87803e4e9c91
1 .. _authentication:
2
3 How to authenticate users?
4 ==========================
5
6 Out of the box, the embedded Web server of Orthanc supports `HTTP
7 Basic access authentication
8 <https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To
9 configure user authentication for Orthanc, make sure to properly set
10 the following :ref:`configuration options <configuration>`:
11
12 * ``RemoteAccessAllowed`` to ``true``.
13 * ``AuthenticationEnabled`` to ``true``.
14 * In ``RegisteredUsers``, assign a username and a password to all your
15 users.
16
17 Once a user has logged in, she will have full access, in read-write
18 mode, to all the features offered by the REST API of Orthanc. This
19 built-in mechanism might be of limited usefulness in enterprise
20 scenarios, for which you would need features such as:
21
22 * Fine-grained access to the REST resources (e.g. restrict the URIs
23 that are visible per user).
24 * Read-only access (i.e. limit full access to a short list of trusted
25 system administrators).
26 * Integration with an LDAP server.
27 * Handling groups of users.
28 * ...
29
30 Depending on your scenario, you can consider the following options:
31
32 * Implement a Lua callback to :ref:`filter incoming REST requests
33 <lua-filter-rest>`. This is the most simple solution, and would
34 notably allow you to implement read-only access or, more generally,
35 `access control lists
36 <https://en.wikipedia.org/wiki/Access_control_list>`__.
37 * Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the
38 ``OrthancPluginRegisterIncomingHttpRequestFilter()``. This solution
39 is potentially useful if you wish to integrate with an LDAP server.
40 * Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`,
41 :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the
42 authentication mechanisms of the main Web server.
43 * Create a :ref:`new Web user interface <improving-interface>` on the
44 top of the REST API of Orthanc, using your favorite framework
45 (Meteor, AngularJS, Ember.js, Node.js...).