Hi,
I’d like to run Orthanc on the web for teaching purposes. The goal is to
- embed the Stone web viewer on an HTML page such that no authentication is required to see a study.
- secure the Orthanc web interface such that only staff (i.e. RegisteredUser) can upload and delete images
- prevent deletion from unregistered users via API
This script from the documentation seems to do exactly what I want. However, I am confused about how to use it with the ORTHANC__AUTHENTICATION_ENABLED and ORTHANC__REMOTE_ACCESS_ALLOWED variables. From my understanding, I can set both values to true and still use the Stone Web Viewer without being asked for a username and password, is that correct? Because in practice, I am being asked about that when I access a study.
Best and thank you in advance
Chris
Hi,
ORTHANC__REMOTE_ACCESS_ALLOWED must be set to true anyway if you want Orthanc to be accessible from an external computer.
Once you set ORTHANC__AUTHENTICATION_ENABLED to true, all resources including e.g. the index.html page of the Stone viewer are accessible only for registered users => you need to provide credentials in every case. Orthanc checks for a valid username/pwd in the registered users list before calling the Lua IncomingHttpRequestFilter function.
It’s actually difficult (or even impossible) to mix unauthenticated and authenticated access. There are a few options however:
- use a reverse proxy in front of Orthanc that will inject authorization headers in the HTTP requests to Orthanc when the user is not authenticated → Orthanc will see it as an authenticated user.
- use 2 Orthancs on the same DB, the “Admin” Orthanc is protected by registered users and the “Public” Orthanc has a Lua IncomingHttpRequestFilter that allows only the GET requests.
HTH
Alain.
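
A sketch of the filter for the “Public” Orthanc from the second option above, as an added example that is not part of Alain's reply or of the Orthanc documentation. It goes one step beyond “GET only” by also limiting GET requests to a list of URI prefixes; that list (the default roots of the Stone Web Viewer and DICOMweb plugins) and the sample requests at the end are assumptions to adapt to your setup.

```lua
-- Added example: read-only filter for the "Public" Orthanc instance.
-- Orthanc calls IncomingHttpRequestFilter for every incoming HTTP request;
-- returning false rejects the request.

-- Assumption: the only URI prefixes the public viewer page needs. These are
-- the default roots of the Stone Web Viewer and DICOMweb plugins; check them
-- against your own configuration before relying on this list.
local PUBLIC_PREFIXES = { '/stone-webviewer/', '/dicom-web/' }

local function startsWith(s, prefix)
  return string.sub(s, 1, #prefix) == prefix
end

function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders)
  -- Uploads (POST), modifications (PUT) and deletions (DELETE) are refused
  -- on the public instance; staff use the "Admin" instance for those.
  if method ~= 'GET' then
    print('Rejected ' .. method .. ' ' .. uri .. ' from ' .. ip)
    return false
  end

  -- GET is allowed only below the prefixes the viewer needs, so the rest
  -- of the REST API is not readable anonymously.
  for _, prefix in ipairs(PUBLIC_PREFIXES) do
    if startsWith(uri, prefix) then
      return true
    end
  end

  print('Rejected GET outside public prefixes: ' .. uri .. ' from ' .. ip)
  return false
end

-- Self-check with constructed requests. RestApiGet is provided by Orthanc's
-- Lua engine, so this part runs only in a plain Lua interpreter.
if RestApiGet == nil then
  local ip = '203.0.113.7'  -- constructed client address
  assert(IncomingHttpRequestFilter('GET', '/dicom-web/studies', ip, '', {}))
  assert(IncomingHttpRequestFilter('GET', '/stone-webviewer/index.html', ip, '', {}))
  assert(not IncomingHttpRequestFilter('DELETE', '/studies/constructed-id', ip, '', {}))
  assert(not IncomingHttpRequestFilter('POST', '/instances', ip, '', {}))
  assert(not IncomingHttpRequestFilter('GET', '/system', ip, '', {}))
end
```
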
Thank you for your helpful response, Alain.
Chris