Mercurial > hg > orthanc-book

view Sphinx/source/faq/authentication.rst @ 585:ffdbe8f64e76

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
upgrade to 2021
author Sebastien Jodogne <s.jodogne@gmail.com>
date Wed, 06 Jan 2021 09:50:56 +0100
parents c310a795c133
children 9e7c58e1725b
line wrap: on
line source

.. _authentication:

How to authenticate users?
==========================

Out of the box, the embedded Web server of Orthanc supports `HTTP
Basic access authentication
<https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To
configure user authentication for Orthanc, make sure to properly set
the following :ref:`configuration options <configuration>`:

* ``RemoteAccessAllowed`` to ``true``.
* ``AuthenticationEnabled`` to ``true``.
* In ``RegisteredUsers``, assign a username and a password to all your
  users.

Once a user has logged in, she will have full access, in read-write
mode, to all the features offered by the REST API of Orthanc. This
built-in mechanism might be of limited usefulness in enterprise
scenarios, for which you would need features such as:

* Fine-grained access to the REST resources (e.g. restrict the URIs
  that are visible per user).
* Read-only access (i.e. limit full access to a short list of trusted
  system administrators).
* Integration with an LDAP server.
* Handling groups of users.
* ...

Depending on your scenario, you can consider the following options:

* Implement a Lua callback to :ref:`filter incoming REST requests
  <lua-filter-rest>`. This is the most simple solution, and would
  notably allow you to implement read-only access or, more generally,
  `access control lists
  <https://en.wikipedia.org/wiki/Access_control_list>`__.
* Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the
  ``OrthancPluginRegisterIncomingHttpRequestFilter()``.  This solution
  is potentially useful if you wish to integrate with an LDAP server.
* Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`,
  :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the
  authentication mechanisms of the main Web server.
* Create a :ref:`new Web user interface <improving-interface>` on the
  top of the REST API of Orthanc, using your favorite framework
  (Meteor, AngularJS, Ember.js, Node.js...).
* Pass an :ref:`authorization token <orthanc-explorer-authorization>` 
  in the url search params when opening the Orthanc Explorer.