Orthanc + IIS + SSL

Hello,

I’m using Orthanc - 1.5.5 under Windows (on both peers).

I have followed How can I run Orthanc behind Microsoft IIS? to configure Orthanc under IIS+SSL. Orthanc is secured via username/password under Windows as the article is suggested.

Orthanc is running fine. I’m also able to access Orthanc via client/remote browser. Since, it is secured via username/password I first get a login prompt from Windows side. Upon successful authentication, I get the GUI interface of Orthanc where I’m able to upload images via GUI and it works with no issues

- Challenges -
If I try to send images peer-to-peer from client to server via lua RestApiPost(‘/peers/MyPeerName/store’, instanceId) I get following errors:

- Error in HTTP request, received HTTP status 401 (Unauthorized)
- Error in the network protocol

If I turn off Windows authentication, then it works fine.

Server side Orthanc configuration is default settings.

Client side configuration - only two changes. Others remains default settings.

“OrthancPeers” : {
/**

• Each line gives the base URL of an Orthanc peer, possibly
• followed by the username/password pair (if the password
• protection is enabled on the peer).
  **/
  “MyPeer” : [ “https://myPeerNameAddr:443/”, “UserName”, “UserPassword” ]
  },

“HttpsVerifyPeers” : false

Any suggestions what could be wrong?

Thank you!

Hello,

Please provide the full log in “–verbose” mode, both for the sender and for the receiver:
http://book.orthanc-server.com/faq/log.html#generating-an-exploitable-debug-log

What do you mean by “Windows authentication”?

Sébastien-

Dear Sébastien,

Thank you for getting back so quickly.

Kindly note, I have attached two log files produced by verbose.

As for the Windows authentication, there is no much difference between windows authentication & AD authentication, when machine is not part of the domain user information is stored into local SAM database & during login, local authentication mechanism is utilized to validate the user where as using AD it is ldap based directory service authentication where user information is stored into AD (NTDS.DIT) database, so during login to domain its not local but its information from AD is used to authorize the user for domain access.

Again, thank you so much!

Regards,

receiver.log (4.33 KB)

sender.log (19.7 KB)

This is the only relevant part of the sender log:

I0228 18:27:54.976219 HttpClient.cpp:671] HTTP status code 401 after POST request on: https://x.x.x.x:443/instances
E0228 18:27:54.976219 HttpClient.cpp:700] Error in HTTP request, received HTTP status 401 (Unauthorized)

Are you sure that the option “RemoteAccessAllowed” is set to “true” in the receiver configuration (this is not the default value)?

Yes, “RemoteAccessAllowed” is set to “true” in the receiver configuration. Sorry, forgot to mentioned that.

If I turn off the Windows authentication under IIS then it works fine.

Is there any function SetCredentials(“username”, “password”) under Lua where I can set the credentials before I call RestApiPost?

Thank you

As explained in the documentation, there is a “SetHttpCredentials()” for Lua:
http://book.orthanc-server.com/users/lua.html#general-purpose-functions

This function affects the functions of family “HttpXXX()” (e.g. “HttpPost()”).

The Lua scripts have direct access to the REST API of Orthanc through the functions of the “RestApiXXX()” family (e.g. “RestApiPost()”), so the function “SetHttpCredentials()” has no effect on them.