changeset 39:87803e4e9c91
How to authenticate users?
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Tue, 16 Aug 2016 09:51:12 +0200 |
parents | 2ee7f4462a6a |
children | 99b45a963bcf |
files | Sphinx/source/faq.rst Sphinx/source/faq/authentication.rst Sphinx/source/faq/log.rst |
diffstat | 3 files changed, 47 insertions(+), 1 deletions(-) |
--- a/Sphinx/source/faq.rst Wed Jul 20 17:29:22 2016 +0200 +++ b/Sphinx/source/faq.rst Tue Aug 16 09:51:12 2016 +0200 @@ -48,4 +48,5 @@ faq/same-origin.rst faq/matlab.rst faq/orthanc-storage.rst + faq/authentication.rst faq/why-orthanc.rst
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Sphinx/source/faq/authentication.rst Tue Aug 16 09:51:12 2016 +0200 
@@ -0,0 +1,45 @@ +.. _authentication: + +How to authenticate users? +========================== + +Out of the box, the embedded Web server of Orthanc supports `HTTP +Basic access authentication +<https://en.wikipedia.org/wiki/Basic_access_authentication>`__. To +configure user authentication for Orthanc, make sure to properly set +the following :ref:`configuration options <configuration>`: + +* ``RemoteAccessAllowed`` to ``true``. +* ``AuthenticationEnabled`` to ``true``. +* In ``RegisteredUsers``, assign a username and a password to all your + users. + +Once a user has logged in, she will have full access, in read-write +mode, to all the features offered by the REST API of Orthanc. This +built-in mechanism might be of limited usefulness in enterprise +scenarios, for which you would need features such as: + +* Fine-grained access to the REST resources (e.g. restrict the URIs + that are visible per user). +* Read-only access (i.e. limit full access to a short list of trusted + system administrators). +* Integration with an LDAP server. +* Handling groups of users. +* ... + +Depending on your scenario, you can consider the following options: + +* Implement a Lua callback to :ref:`filter incoming REST requests + <lua-filter-rest>`. This is the most simple solution, and would + notably allow you to implement read-only access or, more generally, + `access control lists + <https://en.wikipedia.org/wiki/Access_control_list>`__. +* Develop a :ref:`C/C++ plugin <creating-plugins>` that uses the + ``OrthancPluginRegisterIncomingHttpRequestFilter()``. This solution + is potentially useful if you wish to integrate with an LDAP server. +* Use Orthanc as a reverse proxy (e.g. behind :ref:`nginx <nginx>`, + :ref:`Apache <apache>`, or :ref:`Microsoft IIS <iis>`), and use the + authentication mechanisms of the main Web server. 
+* Create a :ref:`new Web user interface <improving-interface>` on the + top of the REST API of Orthanc, using your favorite framework + (Meteor, AngularJS, Ember.js, Node.js...).
--- a/Sphinx/source/faq/log.rst Wed Jul 20 17:29:22 2016 +0200 +++ b/Sphinx/source/faq/log.rst Tue Aug 16 09:51:12 2016 +0200 @@ -1,6 +1,6 @@ .. _log: -Generating an Exploitable Log +Generating an exploitable log ----------------------------- For your log to be exploitable by the Orthanc community, you must
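Review bot: in Sphinx/source/faq/authentication.rst, the setup list pairs ``RemoteAccessAllowed`` set to ``true`` with HTTP Basic access authentication but never says that Basic credentials are only base64-encoded, so over plain HTTP anyone on the network path can read the username and password from each request. Suggest adding a sentence after the three configuration bullets stating that remote access with Basic authentication should go over TLS, for example through the reverse-proxy option listed further down. Two wording points in the same file: "Use Orthanc as a reverse proxy (e.g. behind nginx ...)" is inverted, since Orthanc sits behind the reverse proxy, so something like "Run Orthanc behind a reverse proxy (e.g. nginx, Apache, or Microsoft IIS)" would be accurate; and "uses the ``OrthancPluginRegisterIncomingHttpRequestFilter()``" is missing its noun ("function"). The "..." bullet in the feature list could also be dropped.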
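Review bot: in Sphinx/source/faq/log.rst, the retitled heading keeps the word "exploitable", which here means "usable" but reads as "vulnerable" to security-minded readers. Since the title is being touched anyway, consider "Generating a usable log" and the matching wording in the first sentence ("For your log to be exploitable by the Orthanc community"). If the title text changes, the dashed underline needs to be adjusted to the new length.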