Authorisation web service and the AC_AUTHENTICATION_ENABLED variable
238 views
Skip to first unread message
Steve Hawes
Feb 10, 2020, 4:58:31 AM2/10/20
to Orthanc Users
Hi,
Is it possible to set up the Orthanc Server such that all normal web users are authorised using the AC_AUTHENTICATION_ENABLED mechanism and all REST API calls are authorised using the web service specified by the AUTHZ__WEBSERVICE variable? I would like it so that if the user has authenticated using the basic HTTP authentication then they can access all the information but if the request comes via the REST API then it uses the web service to authenticate.
If so, what do I need to specify in the AUTHZ_UNCHECKED_FOLDERS and AUTHZ_UNCHECKED_RESOURCES variables?
Thanks
Steve
Is it possible to set up the Orthanc Server such that all normal web users are authorised using the AC_AUTHENTICATION_ENABLED mechanism and all REST API calls are authorised using the web service specified by the AUTHZ__WEBSERVICE variable? I would like it so that if the user has authenticated using the basic HTTP authentication then they can access all the information but if the request comes via the REST API then it uses the web service to authenticate.
If so, what do I need to specify in the AUTHZ_UNCHECKED_FOLDERS and AUTHZ_UNCHECKED_RESOURCES variables?
Thanks
Steve
Sébastien Jodogne
Apr 27, 2021, 5:34:01 AM4/27/21
to Orthanc Users
Hello,
The "advanced authorization plugin" has been deprecated in favor of Python plugins:
You can find a full example of a Python plugin that calls a Web service in order to authorize accesses in the Orthanc Book:
In your specific case, you would register each "normal Web user" within the "RegisteredUsers" configuration option of Orthanc. You would then add a "virtual" user dedicated to make the accesses to the REST API, also in the "RegisteredUsers" option. Your full configuration would look like:
{
"Plugins" : [ "." ],
"PythonScript" : "authorization.py",
"AuthenticationEnabled" : true,
"RegisteredUsers" : {
"alice" : "mypassword",
"rest" : "rest"
}
}
The "authorization.py" Python plugin could then look as follows:
import base64
import orthanc
import requests
def Filter(uri, **request):
print('User trying to access URI: %s' % uri)
headers = request.get('headers')
if headers != None:
authorization = headers.get('authorization')
if (authorization != None and
authorization.startswith('Basic ')):
credentials = base64.b64decode(authorization[6:])
username = credentials.split(':') [0]
if username == 'rest':
# Call the Web service only if user is "rest"
r = requests.post('http://localhost:8000/', {
'username' : username,
# Add other information from the "request" variable
})
return r.json() ['granted']
return True # Always grant access to "normal Web users"
orthanc.RegisterIncomingHttpRequestFilter(Filter)
HTH,
Sébastien-
Reply all
Reply to author
Forward
0 new messages