Orthanc server secure access through REST APIs

Paolo Trifiletti

Nov 5, 2016, 6:57:52 AM
to Orthanc Users
Dear All,

I have installed ORTHANC in an Ubuntu 16.04 server environment as Dicom Store engine, on top I put a web application which communicates with ORTHANC through REST API. I want to keep ORTHANC secure and maintain these configurations:

  "RemoteAccessAllowed" : true,
  "AuthenticationEnabled" : true,
  "RegisteredUsers" : {
    "Administrator" : "StrongPwd"
  },

So I would like to know if there is a way to pass username and password through the REST API in order to securely access the ORTHANC APIs?

Thanks in advance

All the best

Paolo

Levin Alexander

Nov 5, 2016, 7:37:58 AM
to Paolo Trifiletti, Orthanc Users
Hi,
Yes. Orthanc uses HTTP Basic Authentication. (https://en.wikipedia.org/wiki/Basic_access_authentication)

You can put username/password into the URL directly like so: "http://username:pass...@orthanc-host.example/".

(Most tools have other dedicated ways to specify authentication. In curl, for example, you can also say `curl --user username:password http://orthanc-host.example`)


Be aware that Basic Authentication, while simple, isn't really secure against eavesdropping. Because the password is sent over the network in (base64-encoded-) plaintext for every request, everyone that can see your traffic on the network can access your server. You should use HTTPS instead of HTTP to mitigate that.


If you need a more full-featured authentication setup you can put Orthanc behind some other web server that does authentication and only proxies authenticated requests to Orthanc. Something like https://github.com/bitly/oauth2_proxy would probably work (I have not used this yet though)

The Orthanc book has a section about how to configure nginx or Apache to act as a reverse proxy for Orthanc as well: https://orthanc.chu.ulg.ac.be/book/faq/nginx.html

--Levin Alexander

Sébastien Jodogne

Nov 6, 2016, 6:12:42 AM
to Orthanc Users, paolo.tr...@gmail.com
Hello,

As a complement to Levin's answer, please check out the following FAQ in the Orthanc Book:

Regards,
Sébastien-


On Saturday, November 5, 2016 at 12:37:58 PM UTC+1, Levin Alexander wrote:
Hi,

> I have installed ORTHANC in an Ubuntu 16.04 server environment as Dicom Store engine, on top I put a web application which communicates with ORTHANC through REST API. I want to keep ORTHANC secure and maintain these configurations:
>
>  "RemoteAccessAllowed" : true,
>   "AuthenticationEnabled" : true,
>   "RegisteredUsers" : {
>     "Administrator" : "StrongPwd"
>   },
>
> So I would like to know if there is a way to pass username and password through the REST API in order to securely access the ORTHANC APIs?

Yes. Orthanc uses HTTP Basic Authentication. (https://en.wikipedia.org/wiki/Basic_access_authentication)

You can put username/password into the URL directly like so: "http://username:password@orthanc-host.example/".

Paolo Trifiletti

Nov 6, 2016, 5:05:32 PM
to Orthanc Users, paolo.tr...@gmail.com
Dear All,

Thanks for both complete replies. I have my application running HTTPS behind Tomcat 8 web server. I will try to configure Orthanc behind it and let you know. Any experiences with this scenario? Maybe I can directly install nginx to serve Orthanc, but following the Orthanc book explanation I'm missing a point:

server {
   listen  80  default_server;
   ...
   location  /orthanc/  {
      proxy_pass http://localhost:8042;
      proxy_set_header HOST $host;
      proxy_set_header X-Real-IP $remote_addr;
      rewrite /orthanc(.*) $1 break;
   }
   ...
}

What does the "location  /orthanc/" mean?
Thanks

All the best

Paolo  

Sébastien Jodogne

Nov 7, 2016, 3:57:42 AM
to Orthanc Users, paolo.tr...@gmail.com
> I have my application running HTTPS behind Tomcat 8 web server. I will try to configure Orthanc behind it and let you know. Any experiences with this scenario?

As far as I'm concerned, I've not heard about someone experimenting with the Orthanc+Tomcat combination yet. We would of course love to hear your feedback.

 
> Maybe I can directly install nginx to serve Orthanc, but following the Orthanc book explanation I'm missing a point:
>
> server {
>    listen  80  default_server;
>    ...
>    location  /orthanc/  {
>       proxy_pass http://localhost:8042;
>       proxy_set_header HOST $host;
>       proxy_set_header X-Real-IP $remote_addr;
>       rewrite /orthanc(.*) $1 break;
>    }
>    ...
> }
>
> What does the "location  /orthanc/" mean?

It means that the following URL of Orthanc: http://localhost:8042/instances

Would be mapped as: http://<myserver>/orthanc/instance

You can of course replace the "/orthanc/" URI by anything you wish (don't forget to adapt the "rewrite" directive accordingly). You can as well branch several instances of Orthanc running on different ports, under several distinct URIs.

HTH,
Sébastien-
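
The mapping described in the answer above, as an added example that is not part of the original thread: a simplified Python model of the quoted `location` and `rewrite` lines (it ignores nginx's URI normalisation and any other locations). The function name, its parameters, the `/pacs/` prefix and the sample query string are hypothetical.

```python
import re
from urllib.parse import urlsplit


def upstream_url(request_target, location="/orthanc/",
                 rewrite=r"/orthanc(.*)", upstream="http://localhost:8042"):
    """Return the URL the proxy requests from Orthanc, or None if the
    location block does not handle this request."""
    parts = urlsplit(request_target)
    if not parts.path.startswith(location):      # "location /orthanc/" is a prefix match
        return None
    match = re.search(rewrite, parts.path)       # "rewrite /orthanc(.*) $1 break;"
    # When the pattern does not match, the path is forwarded unchanged.
    path = match.group(1) if match else parts.path
    query = "?" + parts.query if parts.query else ""   # the query string is kept
    return upstream + path + query


if __name__ == "__main__":
    # Constructed request targets.
    for target in ("/orthanc/instances", "/orthanc/instances?limit=10", "/app/login"):
        print(target, "->", upstream_url(target))
    # Changing the public prefix without adapting the rewrite forwards a path
    # that Orthanc does not serve; adapting both restores the mapping.
    print(upstream_url("/pacs/instances", location="/pacs/"))
    print(upstream_url("/pacs/instances", location="/pacs/", rewrite=r"/pacs(.*)"))
```
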