changeset 39:87803e4e9c91

How to authenticate users?
author Sebastien Jodogne <s.jodogne@gmail.com>
date Tue, 16 Aug 2016 09:51:12 +0200
parents 2ee7f4462a6a
children 99b45a963bcf
files Sphinx/source/faq.rst Sphinx/source/faq/authentication.rst Sphinx/source/faq/log.rst
diffstat 3 files changed, 47 insertions(+), 1 deletions(-)
--- a/Sphinx/source/faq.rst	Wed Jul 20 17:29:22 2016 +0200
+++ b/Sphinx/source/faq.rst	Tue Aug 16 09:51:12 2016 +0200
@@ -48,4 +48,5 @@
    faq/same-origin.rst
    faq/matlab.rst
    faq/orthanc-storage.rst
+   faq/authentication.rst
    faq/why-orthanc.rst
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Sphinx/source/faq/authentication.rst	Tue Aug 16 09:51:12 2016 +0200
@@ -0,0 +1,45 @@
+.. _authentication:
+
+How to authenticate users?
+==========================
+
+Out of the box, the embedded Web server of Orthanc supports `HTTP
+Basic access authentication
+<https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To
+configure user authentication for Orthanc, make sure to properly set
+the following :ref:`configuration options <configuration>`:
+
+* ``RemoteAccessAllowed`` to ``true``.
+* ``AuthenticationEnabled`` to ``true``.
+* In ``RegisteredUsers``, assign a username and a password to all your
+  users.
+
+Once a user has logged in, she will have full access, in read-write
+mode, to all the features offered by the REST API of Orthanc. This
+built-in mechanism might be of limited usefulness in enterprise
+scenarios, for which you would need features such as:
+
+* Fine-grained access to the REST resources (e.g. restrict the URIs
+  that are visible per user).
+* Read-only access (i.e. limit full access to a short list of trusted
+  system administrators).
+* Integration with an LDAP server.
+* Handling groups of users.
+* ...
+
+Depending on your scenario, you can consider the following options:
+
+* Implement a Lua callback to :ref:`filter incoming REST requests
+  <lua-filter-rest>`. This is the most simple solution, and would
+  notably allow you to implement read-only access or, more generally,
+  `access control lists
+  <https://en.wikipedia.org/wiki/Access_control_list>`__.
+* Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the
+  ``OrthancPluginRegisterIncomingHttpRequestFilter()``.  This solution
+  is potentially useful if you wish to integrate with an LDAP server.
+* Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`,
+  :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the
+  authentication mechanisms of the main Web server.
+* Create a :ref:`new Web user interface <improving-interface>` on the
+  top of the REST API of Orthanc, using your favorite framework
+  (Meteor, AngularJS, Ember.js, Node.js...).
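Review bot: The opening paragraph and the first bullet list tell the reader to set ``RemoteAccessAllowed`` to ``true`` and rely on HTTP Basic authentication, but the page never says that Basic credentials are only base64-encoded, not encrypted, so they are readable on the network unless the connection runs over HTTPS. I would add one sentence after the ``RegisteredUsers`` bullet stating this and pointing to the reverse-proxy option further down as one way to terminate TLS. Two wording points in the last list: "Use Orthanc as a reverse proxy (e.g. behind nginx ...)" reads inverted, since Orthanc sits behind the proxy ("Run Orthanc behind a reverse proxy" would match the intent), and "that uses the ``OrthancPluginRegisterIncomingHttpRequestFilter()``" is missing its noun ("function"). The trailing "* ..." bullet in the feature list could also be dropped or replaced with "etc." in the lead-in sentence.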
--- a/Sphinx/source/faq/log.rst	Wed Jul 20 17:29:22 2016 +0200
+++ b/Sphinx/source/faq/log.rst	Tue Aug 16 09:51:12 2016 +0200
@@ -1,6 +1,6 @@
 .. _log:
 
-Generating an Exploitable Log
+Generating an exploitable log
 -----------------------------
 
 For your log to be exploitable by the Orthanc community, you must
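Review bot: The heading case change in ``log.rst`` is unrelated to the commit message "How to authenticate users?"; either mention it in the message or move it to its own commit so the history of the log page stays easy to follow. The underline still matches the length of the new title, so the change itself is fine.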