Hi Orthanc users
I’ve been playing around with the Advanced Authorization plugin, and I found that no matter if the web service grants access, the user will not be able to view the page if they are not authenticated using the remote access credentials (basic authentication).
Is there any workaround for that? I would like Orthanc to check my webservice first.
I also tried to send the authorization token as a param in the URL, but it did not work. It still requires credentials.
Thanks in advance.
Hi Thiago,
The authorization plugin actually only works at API level. The Orthanc Explorer pages are actually not considered.
It was actually first designed with the web-viewers use-case in mind (lots of requests to the API in which we need to check for authorization).
If you want it to work correctly with the Orthanc Explorer, I think you’ll have to rewrite it or write your own interface in which you would implement your own login screen; on successful login the UI would get a token that it would include in every request to the Orthanc REST API. Your UI would then handle the 403 errors in a more elegant way.
HTH
Alain
Hi Alain.
Thanks for your reply.
Yeah, that makes sense. I can see lots of requests when I try to access Osimis with the Authorization plugin enabled. Though sometimes, even after all the successful requests, the images are not rendered in Osimis. Besides, I still have the Basic authentication enforcement.
Well, if someone is available for this custom modification, I’d be willing to pay for the job. Please contact me in private.
Thanks.
Hmm, I just figured out that the Advanced Authorization plugin also does not work well with Remote Access settings. I’m still being requested to log in even when I am sending requests to the API.
Does anyone have an idea on how to solve this?
Hello,
The Advanced Authorization plugin is now deprecated and has been superseded by Python plugins:
https://book.orthanc-server.com/plugins/python.html#python-authorization
Such Python scripts will give you much more control over authorization. The following post might also be of interest to you:
https://groups.google.com/g/orthanc-users/c/liOW6BQMbdQ/m/Q9vao4YKAgAJ
If you want to entirely protect an entire Orthanc server, you could also consider adding authentication/authorization at the reverse proxy level:
https://book.orthanc-server.com/faq/nginx.html
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
Sébastien-
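A sketch of the Python-plugin route mentioned in the reply above, added here as an example and not taken from the thread or from Orthanc's own code: an incoming-request filter, registered through `orthanc.RegisterIncomingHttpRequestFilter`, that lets through only requests carrying a valid bearer token. The HMAC token format, `SECRET`, `make_token` and `token_is_valid` are assumptions standing in for a call to an external authorization web service.

```python
import hashlib
import hmac
import time

try:
    import orthanc            # only importable inside Orthanc's Python plugin
except ImportError:
    orthanc = None            # lets the logic below be exercised outside Orthanc

SECRET = b"constructed-demo-secret"   # placeholder; load from protected config


def make_token(user, expires_at, secret=SECRET):
    """What a login service would hand to the UI: user:expiry:hex-HMAC."""
    payload = "%s:%d" % (user, expires_at)
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return payload + ":" + mac


def token_is_valid(token, now=None, secret=SECRET):
    """Assumed stand-in for asking an external authorization web service."""
    payload, _, mac = token.rpartition(":")
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                      # forged, tampered or malformed token
    try:
        expires_at = int(payload.rpartition(":")[2])
    except ValueError:
        return False
    return expires_at > (time.time() if now is None else now)


def Filter(uri, **request):
    """Return True to let the request through, False to have Orthanc refuse it."""
    auth = request.get("headers", {}).get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer":
        return False                      # deny by default: no token, no access
    return token_is_valid(token.strip())


if orthanc is not None:
    orthanc.RegisterIncomingHttpRequestFilter(Filter)
```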