CN101702717A - Method, system and equipment for authenticating Portal - Google Patents

Method, system and equipment for authenticating Portal Download PDF

Info

Publication number
CN101702717A
CN101702717A CN200910223576A CN200910223576A CN101702717A CN 101702717 A CN101702717 A CN 101702717A CN 200910223576 A CN200910223576 A CN 200910223576A CN 200910223576 A CN200910223576 A CN 200910223576A CN 101702717 A CN101702717 A CN 101702717A
Authority
CN
China
Prior art keywords
portal
address
access authentication
portal server
http
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200910223576A
Other languages
Chinese (zh)
Other versions
CN101702717B (en
Inventor
刘浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN2009102235763A priority Critical patent/CN101702717B/en
Publication of CN101702717A publication Critical patent/CN101702717A/en
Application granted granted Critical
Publication of CN101702717B publication Critical patent/CN101702717B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses an authentication method of Portal, comprising the following steps: the access authentication equipment receives a network access request, integrates a self-IP address and the URL of a Portal server into a new URL and encapsulates the new URL in an HTTP message to be transmitted; the terminal equipment analyzes the HTTP message, acquires the IP address of the Portal server according to the new URL, and transmits the HTTP message carrying the new URL to the Portal server; the Portal server acquires the IP address of the access authentication equipment according to the new URL carried by the HTTP message and transmits authentication message to the access authentication equipment. In the invention, the Portal server can determine the access authentication equipment corresponding to a terminal in the Portal authentication process, so as to complete the Portal authentication to the terminal.

Description

A kind of method, system and equipment of Portal authentication
Technical field
The present invention relates to the communications field, relate in particular to a kind of method, system and equipment of Portal authentication.
Background technology
The Portal authentication is also referred to as web authentication usually, and the Portal authentication website is commonly referred to as portal website.During the unauthenticated user online, the equipment force users signs in to particular station, and the user can free access service wherein.When the user needs out of Memory in the internet usage, must authenticate in portal website, just can the internet usage resource after having only authentication to pass through.The user can initiatively visit known Portal authentication website, and the input username and password authenticates, and this mode of initiating Portal authentication by the user is called initiatively authentication.Otherwise, if the user attempts to visit other outer nets by HTTP, be forced to visit the Portal authentication website, thus beginning Portal verification process, and this mode is called forcible authentication.
Portal authentication is the authentication of initiating based on browser fully, need not installation agent software on terminal equipment, disposes very conveniently, and its networking as shown in Figure 1.Portal access authentication equipment (switch or router) can be deployed in the Internet exit, also can be deployed on the lower access device in position, need not through authentication when inserting the network of user below authenticating device, when the user visits upper layer data server or Internet by authenticating device, its flow is redirected to Portalserver after by authenticating device, Portal server pushes the web authentication page to browser, and the user finishes authentication by the Web interface.
Existing Portal certificate scheme is made up of four kinds of basic modules: Portal Client (be generally the browser that carries on the terminal PC, for example IE etc.), Portal Server (the Portal assembly of iMC), access authentication equipment (being generally switch/router) and Radius certificate server (the normally AAA assembly of iMC).
Each network equipment of Portal Verification System and the relation between the assembly are as shown in Figure 2.Wherein, PortalServer comprises Portal Web (page), Portal Transfer (transducer) and Portal Kernel (operating system nucleus), operation Portal proprietary protocol between Portal Client and the Portal Server, operation standard P ortal agreement between PortalServer and the access authentication equipment, operation Radius agreement between access authentication equipment and the aaa server.
The flow process of Portal authentication can not directly carry out between client and the Portal Kernel being undertaken alternately by Portal Web and Portal Kernel alternately as shown in Figure 3.Be to be undertaken alternately between client and Portal Web and the access authentication equipment by the HTTP message mode:
1) at first in browser, at will imports an IP address, initiate the HTTP request to this address.
2) after access authentication equipment was received, counterfeit this IP address was a source address, sent response message to user browser.The address (being the portal URL that disposes on the equipment) of the Web client of Portal server is sent to user browser.
3) user browser and Portal Web connect, and initiate the request of obtaining certification page.
4) Portal Web sends message to Portal Kernel, whether inquires NAT (Network AddressTransfer, network address translation) mode, and receives the response of Portal Kernel.
5) Portal Web sends the domain information query requests to Portal Kernel.
6) Portal Kernel sends domain information inquiry response message CODE_PP_DOMAIN_RESPONES 111 (0x6f) to Portal Web, and Portal Web receives after this responds and improves user profile.
7) page request of Portal Web response browser sends to browser with the Portal certification page, finishes redirection process.
8) after being redirected successfully, after input user's the authentication information, click authentication on browser, browser is uploaded authentication information, sends the post message of HTTP.
9) Portal Web initiates authentication request packet to Portal kernel.
10) Portal Kernel sends the REQ_INFO message to access device.
11) access device is responded the message ACK_info of Portal Kernel.
12) Portal kernel sends the challenge request message to access device, and this message does not carry any attribute.
13) access device is responded the challenge message of Portal Kernel.
14) Portal Kernel initiates authentication request to access device.
15) access device message identifying ACK_AUTH (0x04) the errcode=0 authentication success then of responding Portal Kernel; If the Portal authentification failure, errcode is a corresponding error number, if Radius authentification failure, then errcode=1
Comprise attribute (0x05) in the ACK_AUTH authentication back message using, in order to transparent transmission Radius authentication failure message reply-message.Portal Kernel responds authentication result CODE_PP_LOGIN_RESPONSE 101 (0x65) authentication back message using to Portal Web.
16) Portal Kernel sends to equipment and confirms authentication back message using AFF_ACK_AUTH (0x07), and Portal Web sends the authentication success message to user browser.
In the identifying procedure of above-mentioned Portal, the flow of terminal PC browser access destination address is access in authenticating device and intercepts and captures, the IP of the counterfeit destination address of access authentication equipment carries out the HTTP deception to PC, the 302 error notification browsers that send HTTP to the browser of PC want accessed resources to change the position, thereby browser is redirected to Portal server, and browser is initiated the URL resource that TCP connects and read HTTP to Portal server again afterwards.
By last surface analysis as can be known, access authentication equipment only is redirected in this flow process, be not the promoter of authentication, therefore Portal server and do not know the authentication that the user from which access device inserts and carries out, carry out the Radius authentication thereby which access device the authentication information of also not knowing this user sends to, therefore need carry out the corresponding IP address configuration set in Portal server configuration, example is as follows:
Figure G2009102235763D0000031
And this group of addresses corresponded on the concrete access device, shown in the following table configuration:
Figure G2009102235763D0000032
By above-mentioned configuration, the IP of the browser that Portal server just can be by search request authentication is known the concrete access device at this authentication place, and then carries out the transmission and alternately of inquiry, the authenticated user information of user place facility information.
Concrete networking schematic diagram as shown in Figure 4, wherein, when the Portal authentication function is enabled on the higher access authentication equipment Router_B in position, client rs PC _ A is undertaken in the process of Portal authentication by Router_B, even PC_A moves to Switch_B from original Switch_A, but because the IP address of PC_A is constant, Portal server still can send to Router_B with message identifying according to the configuration of group of addresses, and then finds PC_A and message identifying is sent to PC_A by Router_B.
But, when the Portal authentication function is enabled in the lower access authentication equipment in position, Switch_A for example, the corresponding relation of the IP address of Portal server configuration Switch_A and PC_A then, and according to this corresponding relation the message identifying in the PC_A verification process is sent to Switch_A.If PC_A moves to Switch_B from original Switch_A, then because Portal server still disposes the corresponding relation of the IP address of Switch_A and PC_A, therefore, in the Portal verification process of PC_A, the message identifying of Portal Server still sends to Switch_A, but this moment, Switch A can not cause the Portal authentification failure of PC_A with message identifying to sending to PC_A.Simultaneously, existing P ortal verification process needs the corresponding relation of pre-configured access device and user's network segment, can cause configuration effort loaded down with trivial details under the more situation of user, and resource consumption is big.
Therefore, the shortcoming of prior art is:
In the Portal verification process, Portal Server can not directly get access to the IP address of access authentication equipment, the corresponding relation that needs pre-configured access authentication equipment and terminal equipment, and when terminal equipment is moved, can not guarantee accurately to obtain the position of terminal equipment according to access authentication equipment.
Summary of the invention
Portal server the invention provides method, system and the equipment of a kind of Portal authentication, so that can be determined the access authentication equipment of terminal correspondence in the Portal verification process.
The invention provides a kind of method of Portal authentication, be applied to the Portal Verification System, described Portal Verification System comprises access authentication equipment, terminal equipment and Portal server, the uniform resource position mark URL of the described Portal server of described access authentication equipment disposition, this method further may further comprise the steps:
Described access authentication equipment receives the network insertion request, and the URL of self IP address and described Portal server is integrated into new URL, and will this new URL be encapsulated in the HTTP message and sends;
Described terminal equipment is resolved the HTTP message, and the IP address that obtains described Portal server according to described new URL sends the HTTP message that carries described new URL to described Portal server;
Described Portal server obtains the IP address of described access authentication equipment according to the new URL that carries in the HTTP message, sends message identifying to described access authentication equipment.
Described URL with self IP address and described Portal server is integrated into new URL and comprises:
Obtain the URL of described Portal server: Http:// x.x.x.x:8080/portal
The URL of described Portal server and the IP address of described access authentication equipment are integrated, and integrated results is: Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xWherein, described ip=x.x.x.x represents the IP address of described access authentication equipment.
Described terminal equipment is resolved the HTTP message, and the IP address that obtains described Portal server according to described new URL sends the HTTP message that carries described new URL to described Portal server and comprises:
Described terminal equipment extracts described Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xIn the information first X.x.x.x, as the IP address of described Portal server;
Described terminal equipment transmission is carried described Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xThe HTTP message of information, the purpose IP address of described HTTP message be described first X.x.x.x
Described Portal server is according to the new URL that carries in the HTTP message, and the IP address that obtains described access authentication equipment comprises:
Described Portal server obtains described Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xInformation is with wherein the ip=x.x.x.x IP address as described access authentication equipment.
The invention provides a kind of system of Portal authentication, comprise access authentication equipment, terminal equipment and Portal server, the uniform resource position mark URL of the described Portal server of described access authentication equipment disposition, wherein
Described access authentication equipment is used to receive the network insertion request, and the URL of self IP address and described Portal server is integrated into new URL, and will this new URL be encapsulated in the HTTP message and sends;
Described terminal equipment is used to resolve the HTTP message, and the IP address that obtains described Portal server according to described new URL sends the HTTP message that carries described new URL to described Portal server;
Described Portal server is used for the new URL that carries according to the HTTP message, and the IP address that obtains described access authentication equipment sends message identifying to described access authentication equipment.
Described access authentication equipment specifically is used for:
Obtain the URL of described Portal server: Http:// x.x.x.x:8080/portal
The URL of described Portal server and the IP address of described access authentication equipment are integrated, and integrated results is: Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xWherein, described ip=x.x.x.x represents the IP address of described access authentication equipment.
Described terminal equipment specifically is used for:
Extract described Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xIn the information first X.x.x.x, as the IP address of described Portal server;
Transmission is carried described Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xThe HTTP message of information, the purpose IP address of described HTTP message be described first X.x.x.x
Described Portal server specifically is used for:
Obtain described Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xInformation is with wherein the ip=x.x.x.x IP address as described access authentication equipment.
The invention provides a kind of access authentication equipment, be applied to comprise the Portal Verification System of access authentication equipment, terminal equipment and Portal server, this access authentication equipment comprises:
Integral unit is used for the URL of self IP address and described Portal server is integrated into new URL;
Transmit-Receive Unit is used to receive the network insertion request, and the new URL after described integral unit integrated is encapsulated in the HTTP message and sends.
Described integral unit specifically is used for:
Obtain the URL of pre-configured described Portal server: Http:// x.x.x.x:8080/portal
The URL of described Portal server and the IP address of described access authentication equipment are integrated, and integrated results is: Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xWherein, described ip=x.x.x.x represents the IP address of described access authentication equipment.
Compared with prior art, the present invention has the following advantages at least:
Among the present invention, access authentication equipment is integrated into new URL with the URL of self IP address and Portal server, in the HTTP message, carry this new URL during terminal equipment visit Portal server, Portal server is by resolving the IP address that new URL obtains access authentication equipment, thereby determines the access authentication equipment at terminal equipment place in the Portal verification process.
Description of drawings
Fig. 1 is a Portal authentication group net mode schematic diagram in the prior art;
Fig. 2 is that Portal authenticates the schematic diagram that concerns between each network equipment and the assembly in the prior art;
Fig. 3 is the schematic flow sheet of Portal authentication in the prior art;
Fig. 4 is another Portal networking mode schematic diagram in the prior art;
Fig. 5 is the method flow schematic diagram of Portal authentication provided by the invention;
Fig. 6 is the method flow schematic diagram of the Portal authentication that provides in the application scenarios of the present invention;
Fig. 7 is the Portal identifying procedure schematic diagram of Fig. 6 correspondence;
Fig. 8 is the system configuration schematic diagram of Portal authentication provided by the invention;
Fig. 9 is the structural representation of access authentication equipment provided by the invention.
Embodiment
Core concept of the present invention is: in the terminal equipment Portal verification process, the access request of access authentication equipment receiving terminal apparatus, when terminal equipment sends redirection message with self IP address attached to this message in, terminal equipment sends the HTTP request according to redirection message to Portal server, Portal server obtains the IP address of the access authentication equipment that carries in the HTTP request, thereby finishes the Portal verification process of terminal equipment by this access authentication equipment.
Concrete, terminal equipment and access authentication equipment as Authentication Client are set up TCP (Transmission Control Protocol, transmission control protocol) after the link, access authentication equipment extracts the gateway ip address of self, and read pre-configured server URL (Uniform ResourceLocator, URL(uniform resource locator)) positional information, both are integrated into the URL positional information is encapsulated in the HTTP message and returns to Authentication Client, after Authentication Client receives the HTTP message, obtain the URL positional information in the message, send the HTTP request to Portal server according to this URL positional information.Portal server receives the HTTP request of Authentication Client, the IP address that obtains the access authentication equipment that carries in the URL positional information, thus determine Authentication Client place access authentication equipment.
The invention provides a kind of method of Portal authentication, be applied to the Portal Verification System, described Portal Verification System comprises access authentication equipment, terminal equipment and Portal server, the uniform resource position mark URL of the described Portal server of described access authentication equipment disposition, as shown in Figure 5, this method further may further comprise the steps:
Step 501, described access authentication equipment receives the network insertion request, and the URL of self IP address and described Portal server is integrated into new URL, and will this new URL be encapsulated in the HTTP message and sends;
Step 502, described terminal equipment is resolved the HTTP message, and the IP address that obtains described Portal server according to described new URL sends the HTTP message that carries described new URL to described Portal server;
Step 503, described Portal server are obtained the IP address of described access authentication equipment according to the new URL that carries in the HTTP message, send message identifying to described access authentication equipment.
Introduce the method that Portal provided by the invention authenticates in detail below in conjunction with concrete application scenarios, wherein, terminal is an example with the WEB browser, as shown in Figure 6, may further comprise the steps:
Step 601, WEB browser and access authentication equipment are set up the TCP link.
Concrete, in conjunction with shown in Figure 7, key in purpose IP address in the WEB browser, send the TCP linking request according to this IP address to access authentication equipment; The counterfeit purpose IP of access authentication equipment address sends response to the WEB browser; The WEB browser is responded access authentication equipment, sets up TCP with access authentication equipment by three-way handshake and links.
Step 602, the WEB browser sends the HTTP message to access authentication equipment, and access authentication equipment is carried out redirect operation.
After WEB browser and access authentication equipment are set up TCP and linked, send HTTP message request resource to access authentication equipment.Access authentication equipment receives the HTTP message that the WEB browser sends, and extracts the URL position of its own IP address and pre-configured Portal server: Http:// x.x.x.x:8080/portal, access authentication equipment is integrated formation with both: Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xAddress information form after access authentication equipment will be integrated is encapsulated in the HTTP message and sends to the WEB browser, and the HTTP message can be " HTTP302 Moved Temporarily " message, Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xAddress information is encapsulated in the location field of the HTTP message of message.
Step 603, the WEB browser receives the HTTP message that access authentication equipment sends, and the IP address that obtains Portal server sends the URL information of carrying access authentication device address information to Portal server.
Concrete, according to according to http protocol, after the WEB browser receives the HTTP302 message of access authentication equipment transmission, extract location field in the message, acquisition access authentication equipment structure Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xInformation is obtained wherein first X.x.x.x, with this first X.x.x.xBe the IP address of Portal server, and according to this first X.x.x.xSend the HTTP message to Portal server, carry in the HTTP message Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xInformation.
Step 604, Portal server receives the request of WEB browser, obtains the address information of the access authentication equipment that wherein carries, and is mutual by access authentication equipment and WEB browser, finishes the authentication to the WEB browser.
Concrete, Portal server is received the URL information of WEB browser, extract IP parameter wherein: ip=x.x.x.x, it is the IP address of access authentication equipment, determine the access authentication equipment of WEB browser correspondence according to this IP address, finish verification process the WEB browser by this access authentication equipment.
By adopting method provided by the invention, access authentication equipment is integrated into new URL with the URL of self IP address and Portal server, in the HTTP message, carry this new URL during terminal equipment visit Portal server, Portal server is by resolving the IP address that new URL obtains access authentication equipment, thereby determines the access authentication equipment at terminal equipment place in the Portal verification process.
The invention provides a kind of system of Portal authentication, as shown in Figure 8, comprise access authentication equipment 10, terminal equipment 20 and Portal server 30, the uniform resource position mark URL of the described Portal server 30 of described access authentication equipment 10 configurations, wherein
Described access authentication equipment 10 is used to receive the network insertion request, and the URL of self IP address and described Portal server is integrated into new URL, and will this new URL be encapsulated in the HTTP message and sends.Concrete, the network insertion request that described access authentication equipment 10 receiving terminal apparatus 20 send, obtain the URL of the described Portal server of configuration: Http:// x.x.x.x:8080/portalThe URL and its own IP address of described Portal server are integrated, and integrated results is: Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xWherein, described ip=x.x.x.x represents its own IP address, and described access authentication equipment 10 sends the HTTP redirection messages to described terminal equipment 20, the URL carry integration in this HTTP redirection message after: Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.x, the URL after this integration can be stored in the location field of HTTP message.
Described terminal equipment 20 is used to resolve the HTTP message, and the IP address that obtains described Portal server 30 according to described new URL sends the HTTP message that carries described new URL to described Portal server 30.Concrete, terminal equipment 20 extracts described Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xIn the information first X.x.x.x, with this first X.x.x.xIP address as described Portal server; Send the HTTP message according to this IP address to Portal server 30, carry this IP address in the heading of HTTP message, carry in the message body of HTTP message Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xInformation.
Described Portal server 30 is used for the new URL that carries according to the HTTP message, and the IP address that obtains described access authentication equipment 10 sends message identifyings to described access authentication equipment 10.Concrete, described Portal server 30 obtains described Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xInformation, with wherein ip=x.x.x.x IP address as described access authentication equipment, mutual according to this IP address and access authentication equipment 10, and pass through access authentication equipment 10 to terminal equipment 20 transmission message identifyings, realize Portal authentication to terminal equipment 20.
The present invention also provides a kind of access authentication equipment, is applied to comprise the Portal Verification System of access authentication equipment, terminal equipment and Portal server, and as shown in Figure 9, this access authentication equipment comprises:
Integral unit 11 is used for the URL of self IP address and described Portal server is integrated into new URL.Concrete, described integral unit 11 is obtained the URL of pre-configured described Portal server: Http:// x.x.x.x:8080/portalThe URL of described Portal server and the IP address of described access authentication equipment are integrated, and integrated results is: Http:// x.x.x.x:8080/portal/index.jsp? ip=x.x.x.xWherein, described ip=x.x.x.x represents the IP address of described access authentication equipment.
Transmit-Receive Unit 12 is used to receive the network insertion request, and the new URL after described integral unit 10 integrated is encapsulated in the HTTP message and sends.
By adopting system provided by the invention and equipment, access authentication equipment is integrated into new URL with the URL of self IP address and Portal server, in the HTTP message, carry this new URL during terminal equipment visit Portal server, Portal server is by resolving the IP address that new URL obtains access authentication equipment, thereby determines the access authentication equipment at terminal equipment place in the Portal verification process.
Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode under a lot of situation.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium, comprise that some instructions are with so that a computer equipment (can be a personal computer, server, the perhaps network equipment etc.) carry out the described method of each embodiment of the present invention.
It will be appreciated by those skilled in the art that accompanying drawing is the schematic diagram of a preferred embodiment, module in the accompanying drawing or flow process might not be that enforcement the present invention is necessary.
It will be appreciated by those skilled in the art that the module in the device among the embodiment can be distributed in the device of embodiment according to the embodiment description, also can carry out respective change and be arranged in the one or more devices that are different from present embodiment.The module of the foregoing description can be merged into a module, also can further split into a plurality of submodules.
The invention described above embodiment sequence number is not represented the quality of embodiment just to description.
More than disclosed only be several specific embodiment of the present invention, still, the present invention is not limited thereto, any those skilled in the art can think variation all should fall into protection scope of the present invention.

Claims (10)

1. the method for Portal authentication, it is characterized in that, be applied to the Portal Verification System, described Portal Verification System comprises access authentication equipment, terminal equipment and Portal server, the uniform resource position mark URL of the described Portal server of described access authentication equipment disposition, this method further may further comprise the steps:
Described access authentication equipment receives the network insertion request, and the URL of self IP address and described Portal server is integrated into new URL, and will this new URL be encapsulated in the HTTP message and sends;
Described terminal equipment is resolved the HTTP message, and the IP address that obtains described Portal server according to described new URL sends the HTTP message that carries described new URL to described Portal server;
Described Portal server obtains the IP address of described access authentication equipment according to the new URL that carries in the HTTP message, sends message identifying to described access authentication equipment.
2. the method for claim 1 is characterized in that, described URL with self IP address and described Portal server is integrated into new URL and comprises:
Obtain the URL:http of described Portal server: //x.x.x.x:8080/portal;
The URL of described Portal server and the IP address of described access authentication equipment to be integrated, is integrated results: http://x.x.x.x:8080/portal/index.jsp? ip=x.x.x.x; Wherein, described ip=x.x.x.x represents the IP address of described access authentication equipment.
3. method as claimed in claim 2 is characterized in that, described terminal equipment is resolved the HTTP message, and the IP address that obtains described Portal server according to described new URL sends the HTTP message that carries described new URL to described Portal server and comprises:
Does described terminal equipment extract described http://x.x.x.x:8080/portal/index.jsp? first x.x.x.x in the ip=x.x.x.x information is as the IP address of described Portal server;
Does described terminal equipment send and carries described http://x.x.x.x:8080/portal/index.jsp? the HTTP message of ip=x.x.x.x information, the purpose IP address of described HTTP message are described first x.x.x.x.
4. as claim 2 or 3 described methods, it is characterized in that described Portal server is according to the new URL that carries in the HTTP message, the IP address that obtains described access authentication equipment comprises:
Does described Portal server obtain described http://x.x.x.x:8080/portal/index.jsp? ip=x.x.x.x information is with wherein the ip=x.x.x.x IP address as described access authentication equipment.
5. the system of a Portal authentication is characterized in that, comprises access authentication equipment, terminal equipment and Portal server, the uniform resource position mark URL of the described Portal server of described access authentication equipment disposition, wherein
Described access authentication equipment is used to receive the network insertion request, and the URL of self IP address and described Portal server is integrated into new URL, and will this new URL be encapsulated in the HTTP message and sends;
Described terminal equipment is used to resolve the HTTP message, and the IP address that obtains described Portal server according to described new URL sends the HTTP message that carries described new URL to described Portal server;
Described Portal server is used for the new URL that carries according to the HTTP message, and the IP address that obtains described access authentication equipment sends message identifying to described access authentication equipment.
6. system as claimed in claim 5 is characterized in that, described access authentication equipment specifically is used for:
Obtain the URL:http of described Portal server: //x.x.x.x:8080/portal;
The URL of described Portal server and the IP address of described access authentication equipment to be integrated, is integrated results: http://x.x.x.x:8080/portal/index.jsp? ip=x.x.x.x; Wherein, described ip=x.x.x.x represents the IP address of described access authentication equipment.
7. system as claimed in claim 6 is characterized in that, described terminal equipment specifically is used for:
Do you extract described http://x.x.x.x:8080/portal/index.jsp? first x.x.x.x in the ip=x.x.x.x information is as the IP address of described Portal server;
Is described http://x.x.x.x:8080/portal/index.jsp carried in transmission? the HTTP message of ip=x.x.x.x information, the purpose IP address of described HTTP message are described first x.x.x.x.
8. as claim 5 or 6 described systems, it is characterized in that described Portal server specifically is used for:
Do you obtain described http://x.x.x.x:8080/portal/index.jsp? ip=x.x.x.x information is with wherein the ip=x.x.x.x IP address as described access authentication equipment.
9. an access authentication equipment is characterized in that, is applied to comprise the Portal Verification System of access authentication equipment, terminal equipment and Portal server, and this access authentication equipment comprises:
Integral unit is used for the URL of self IP address and described Portal server is integrated into new URL;
Transmit-Receive Unit is used to receive the network insertion request, and the new URL after described integral unit integrated is encapsulated in the HTTP message and sends.
10. access authentication equipment as claimed in claim 9 is characterized in that, described integral unit specifically is used for:
Obtain the URL:http of pre-configured described Portal server: //x.x.x.x:8080/portal;
The URL of described Portal server and the IP address of described access authentication equipment to be integrated, is integrated results: http://x.x.x.x:8080/portal/index.jsp? ip=x.x.x.x; Wherein, described ip=x.x.x.x represents the IP address of described access authentication equipment.
CN2009102235763A 2009-11-24 2009-11-24 Method, system and equipment for authenticating Portal Active CN101702717B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102235763A CN101702717B (en) 2009-11-24 2009-11-24 Method, system and equipment for authenticating Portal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009102235763A CN101702717B (en) 2009-11-24 2009-11-24 Method, system and equipment for authenticating Portal

Publications (2)

Publication Number Publication Date
CN101702717A true CN101702717A (en) 2010-05-05
CN101702717B CN101702717B (en) 2013-04-17

Family

ID=42157610

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102235763A Active CN101702717B (en) 2009-11-24 2009-11-24 Method, system and equipment for authenticating Portal

Country Status (1)

Country Link
CN (1) CN101702717B (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571846A (en) * 2010-12-23 2012-07-11 北京启明星辰信息技术股份有限公司 Method and device for forwarding hyper text transport protocol (HTTP) request
CN102624729A (en) * 2012-03-12 2012-08-01 北京星网锐捷网络技术有限公司 Web authentication method, device and system
CN103701760A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Wireless LAN (Local Area Network) Portal authentication method and system and Portal server
CN103986793A (en) * 2013-02-07 2014-08-13 杭州华三通信技术有限公司 Method and system for improving utilization efficiency of Portal authenticated-user IP addresses
CN104796437A (en) * 2014-01-16 2015-07-22 深圳市快播科技有限公司 Method, device and system for querying geographical location information based on Nginx
CN104836812A (en) * 2015-05-26 2015-08-12 杭州华三通信技术有限公司 Portal authentication method, device and system
CN105007581A (en) * 2015-08-12 2015-10-28 腾讯科技(深圳)有限公司 Network access authentication method and network access authentication client
CN105162802A (en) * 2015-09-29 2015-12-16 深圳市华讯方舟科技有限公司 Portal authentication method and Portal authentication server
CN106131863A (en) * 2016-08-08 2016-11-16 湖州经典网络安防科技有限公司 Wireless outer net system
WO2017181800A1 (en) * 2016-04-22 2017-10-26 上海斐讯数据通信技术有限公司 Adaptive portal authentication page system based on operating system, and method for same
CN108092974A (en) * 2017-12-14 2018-05-29 杭州迪普科技股份有限公司 Network access authentication method and device
CN108900587A (en) * 2018-05-22 2018-11-27 四川斐讯信息技术有限公司 A kind of intelligent terminal acts on behalf of decision system
CN109040046A (en) * 2018-07-25 2018-12-18 新华三技术有限公司 network access method and device
CN110474958A (en) * 2019-07-12 2019-11-19 锐捷网络股份有限公司 Method, server, fixed terminal and the mobile terminal of barcode scanning certification
CN110972139A (en) * 2019-11-07 2020-04-07 锐捷网络股份有限公司 Method and gateway for realizing internet access authentication of mobile terminal
CN113949562A (en) * 2021-10-15 2022-01-18 迈普通信技术股份有限公司 Portal authentication method, device and system, electronic equipment and storage medium
CN114944927A (en) * 2022-03-17 2022-08-26 国网浙江省电力有限公司杭州供电公司 Portal authentication-based client-side-free mutual exclusion access platform

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1327374C (en) * 2003-05-21 2007-07-18 中兴通讯股份有限公司 Method for forced push-off web
CN101437048B (en) * 2008-11-11 2013-04-17 中国移动通信集团北京有限公司 Method and system for pushing personalized page

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571846B (en) * 2010-12-23 2014-11-19 北京启明星辰信息技术股份有限公司 Method and device for forwarding hyper text transport protocol (HTTP) request
CN102571846A (en) * 2010-12-23 2012-07-11 北京启明星辰信息技术股份有限公司 Method and device for forwarding hyper text transport protocol (HTTP) request
CN102624729A (en) * 2012-03-12 2012-08-01 北京星网锐捷网络技术有限公司 Web authentication method, device and system
CN102624729B (en) * 2012-03-12 2015-07-22 北京星网锐捷网络技术有限公司 Web authentication method, device and system
CN103701760A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Wireless LAN (Local Area Network) Portal authentication method and system and Portal server
CN103986793B (en) * 2013-02-07 2018-05-15 新华三技术有限公司 A kind of method and system of lifting Portal certification IP address service efficiencies
CN103986793A (en) * 2013-02-07 2014-08-13 杭州华三通信技术有限公司 Method and system for improving utilization efficiency of Portal authenticated-user IP addresses
CN104796437A (en) * 2014-01-16 2015-07-22 深圳市快播科技有限公司 Method, device and system for querying geographical location information based on Nginx
CN104836812A (en) * 2015-05-26 2015-08-12 杭州华三通信技术有限公司 Portal authentication method, device and system
US10869196B2 (en) 2015-08-12 2020-12-15 Tencent Technology (Shenzhen) Company Limited Internet access authentication method and client, and computer storage medium
CN105007581A (en) * 2015-08-12 2015-10-28 腾讯科技(深圳)有限公司 Network access authentication method and network access authentication client
CN105007581B (en) * 2015-08-12 2018-03-20 腾讯科技(深圳)有限公司 A kind of network access authentication method and client
US10511970B2 (en) 2015-08-12 2019-12-17 Tencent Technology (Shenzhen) Company Limited Internet access authentication method and client, and computer storage medium
CN105162802A (en) * 2015-09-29 2015-12-16 深圳市华讯方舟科技有限公司 Portal authentication method and Portal authentication server
CN105162802B (en) * 2015-09-29 2018-10-23 华讯方舟科技有限公司 Portal authentication method and certificate server
WO2017181800A1 (en) * 2016-04-22 2017-10-26 上海斐讯数据通信技术有限公司 Adaptive portal authentication page system based on operating system, and method for same
CN106131863A (en) * 2016-08-08 2016-11-16 湖州经典网络安防科技有限公司 Wireless outer net system
CN108092974A (en) * 2017-12-14 2018-05-29 杭州迪普科技股份有限公司 Network access authentication method and device
CN108092974B (en) * 2017-12-14 2021-05-28 杭州迪普科技股份有限公司 Internet access authentication method and device
CN108900587A (en) * 2018-05-22 2018-11-27 四川斐讯信息技术有限公司 A kind of intelligent terminal acts on behalf of decision system
CN109040046B (en) * 2018-07-25 2021-01-26 新华三技术有限公司 Network access method and device
CN109040046A (en) * 2018-07-25 2018-12-18 新华三技术有限公司 network access method and device
CN110474958A (en) * 2019-07-12 2019-11-19 锐捷网络股份有限公司 Method, server, fixed terminal and the mobile terminal of barcode scanning certification
CN110474958B (en) * 2019-07-12 2022-05-20 锐捷网络股份有限公司 Code scanning authentication method, server, fixed terminal and mobile terminal
CN110972139A (en) * 2019-11-07 2020-04-07 锐捷网络股份有限公司 Method and gateway for realizing internet access authentication of mobile terminal
CN113949562A (en) * 2021-10-15 2022-01-18 迈普通信技术股份有限公司 Portal authentication method, device and system, electronic equipment and storage medium
CN113949562B (en) * 2021-10-15 2023-11-17 迈普通信技术股份有限公司 Portal authentication method, device, system, electronic equipment and storage medium
CN114944927A (en) * 2022-03-17 2022-08-26 国网浙江省电力有限公司杭州供电公司 Portal authentication-based client-side-free mutual exclusion access platform
CN114944927B (en) * 2022-03-17 2023-08-08 国网浙江省电力有限公司杭州供电公司 Portal authentication-based client-free mutual exclusion access platform

Also Published As

Publication number Publication date
CN101702717B (en) 2013-04-17

Similar Documents

Publication Publication Date Title
CN101702717B (en) Method, system and equipment for authenticating Portal
CN107404485B (en) Self-verification cloud connection method and system thereof
CN110300117A (en) Authentication method, equipment and the medium of IOT equipment and user's binding
CN103581184B (en) The method and system of mobile terminal accessing corporate intranet server
EP3120591B1 (en) User identifier based device, identity and activity management system
CN104144163B (en) Auth method, apparatus and system
CN101873332B (en) WEB authentication method and equipment based on proxy server
CN102710667B (en) Method for realizing Portal authentication server attack prevention and broadband access server
CN105981345B (en) The Lawful intercept of WI-FI/ packet-based core networks access
US9065526B2 (en) Relay device, relay method, and relay device control program
CN105554098A (en) Device configuration method, server and system
CN103825881A (en) Method and apparatus for realizing redirection of WLAN user based on wireless access controller (AC)
CN105162802B (en) Portal authentication method and certificate server
CN105873055B (en) Wireless network access authentication method and device
CN104811462A (en) Access gateway redirection method and access gateway
CN103200159A (en) Network access method and equipment
CN104836812A (en) Portal authentication method, device and system
CN101656609A (en) Single sign-on method, system and device thereof
CN106603556B (en) Single-point logging method, apparatus and system
WO2018045798A1 (en) Network authentication method and related device
CN108809969B (en) Authentication method, system and device
CN104811439A (en) Portal authentication method and device
CN105991518A (en) Network access authentication method and device
CN102638472B (en) Portal authentication method and equipment
CN107135506B (en) A kind of portal authentication method, apparatus and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.