CN111049946B - Portal authentication method, portal authentication system, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111049946B
Authority
CN
China
Prior art keywords
authentication
portal server
portal
network
authentication information
Prior art date
Legal status
Active
Application number
CN201911351208.7A
Other languages
Chinese (zh)
Other versions
CN111049946A (en)
Inventor
刘延辉
Current Assignee
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Sangfor Technologies Co Ltd
Priority to CN201911351208.7A
Publication of CN111049946A
Application granted
Publication of CN111049946B
Legal status: Active (current)
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a Portal authentication method, a Portal authentication system, a device and a computer readable storage medium. The method comprises the following steps: sending a TCP connection request to a Portal server and establishing a TCP long connection with the Portal server; acquiring authentication information forwarded by the Portal server over the established TCP long connection; and determining an authentication result for the authentication information, and determining according to the authentication result whether to allow a response to the network access request. Because the TCP long connection is established between the Portal server and the access control device, the Portal server can send the authentication information directly, without NAT traversal; and because the access control device actively initiates the connection to the Portal server, the address and docking parameters of the access control device do not need to be configured in advance on the Portal server side, so the configuration process is simplified and working efficiency is effectively improved.

Description

Portal authentication method, portal authentication system, electronic equipment and storage medium
Technical Field
The present application relates to the field of identity authentication technologies, and in particular, to a method and a system for Portal authentication, an electronic device, and a computer-readable storage medium.
Background
In the conventional technology, the Portal docking (interconnection) protocol mainly uses UDP (User Datagram Protocol) messages, and when a public-network Portal server actively sends authentication information to an Access Controller (AC) device, NAT (Network Address Translation) traversal is required.
A common NAT traversal solution uses port mapping, i.e. mapping the service port of an intranet AC device to a port on the public-network IP address of the AC device's egress. However, with this approach the AC devices of every branch site need their own port mapping; if the network address of an AC device changes, the port mapping needs to be reconfigured; and not only must the AC device be configured with the address and docking parameters of the Portal server, the Portal server must also be configured with the mapped address and docking parameters of the AC device. The configuration process is therefore complicated and time-consuming, and working efficiency is low.
Disclosure of Invention
The application aims to provide a Portal authentication method, a Portal authentication system, an electronic device and a computer readable storage medium in which NAT traversal is not needed during authentication, so that the configuration process is simplified and working efficiency is effectively improved.
In order to achieve the above object, the present application provides a Portal authentication method, including:
sending a TCP connection request to a Portal server, and establishing a TCP long connection with the Portal server;
acquiring authentication information forwarded by the Portal server based on the established TCP long connection; the authentication information is submitted by the Portal server after the terminal equipment accesses the network and initiates a network access request;
and determining an authentication result for authenticating the authentication information, and determining whether to allow the response to the network access request according to the authentication result.
Optionally, after sending a TCP connection request to the Portal server and establishing the TCP long connection with the Portal server, the method includes:
sending a heartbeat packet to the Portal server according to a preset time period so as to maintain the TCP long connection;
and if the heartbeat response returned by the Portal server for the heartbeat packet is not received within the preset time period, judging that the Portal server is abnormal.
Optionally, after determining that the Portal server is abnormal, the method further includes:
and carrying out temporary authentication and authorization on the terminal equipment by utilizing the authentication strategy of the access control equipment so as to ensure that the terminal equipment passing the authentication normally accesses the network.
Optionally, after determining that the Portal server is abnormal, the method further includes:
and generating corresponding abnormal prompt information, and sending the abnormal prompt information to an administrator terminal for performing abnormal processing prompt.
Before the authentication information forwarded by the Portal server is obtained based on the established TCP long connection, the method further comprises the following steps:
acquiring a network access request initiated by terminal equipment accessed to a network;
judging whether the terminal equipment passes authentication;
if yes, skipping the step of obtaining authentication information based on the established TCP long connection, and directly responding to the network access request;
if not, entering the step of obtaining authentication information based on the established TCP long connection;
the obtaining of the authentication information forwarded by the Portal server based on the established TCP long connection comprises the following steps:
if the terminal equipment is not authenticated, redirecting to an authentication page address of the Portal server so that the terminal equipment accesses a login page based on the authentication page address;
and acquiring authentication information which is forwarded by the Portal server and submitted by the terminal equipment through the login page based on the established TCP long connection.
Optionally, the determining an authentication result for authenticating the authentication information includes:
and sending the authentication information to a Remote Authentication Dial In User Service (RADIUS) server, and acquiring the authentication result returned by the RADIUS server after it authenticates the authentication information.
Optionally, the determining an authentication result for authenticating the authentication information and determining whether to allow the response to the network access request according to the authentication result includes:
if the authentication result is authentication failure, forbidding to respond to the network access request, sending authentication error prompt information, and returning to the step of acquiring authentication information based on the established TCP long connection for re-authentication;
and if the authentication result is that the authentication is successful, allowing the response to the network access request and redirecting to the corresponding network address.
To achieve the above object, the present application provides a Portal authentication system, comprising:
the connection establishing module is used for sending a TCP connection request to a Portal server and establishing a TCP long connection with the Portal server;
the authentication acquisition module is used for acquiring the authentication information forwarded by the Portal server based on the established TCP long connection; the authentication information is submitted by the Portal server after the terminal equipment accesses the network and initiates a request for accessing the network;
and the result determining module is used for determining an authentication result for authenticating the authentication information and determining whether to allow the response of the network access request according to the authentication result.
To achieve the above object, the present application provides an electronic device including:
a memory for storing a computer program;
a processor for implementing the steps of any of the Portal authentication methods disclosed above when executing the computer program.
To achieve the above object, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of any of the Portal authentication methods disclosed in the foregoing.
According to the scheme, the Portal authentication method provided by the application comprises the following steps: sending a TCP connection request to a Portal server and establishing a TCP long connection with the Portal server; acquiring authentication information forwarded by the Portal server over the established TCP long connection, the authentication information being submitted by the Portal server after the terminal device accesses the network and initiates a network access request; and determining an authentication result for the authentication information, and determining according to the authentication result whether to allow the response to the network access request. In this method, when Portal authentication is carried out, the access control device actively sends a TCP connection request to the Portal server so that a TCP long connection is established with it. In the subsequent authentication process, because a long connection exists between the Portal server and the access control device, the Portal server can send the authentication information directly, without NAT traversal. In addition, because the access control device actively initiates the connection to the Portal server, the address and docking parameters of the access control device do not need to be configured in advance on the Portal server side, so the configuration process is simplified and working efficiency is effectively improved.
The application also discloses a Portal authentication system, an electronic device and a computer readable storage medium, and the technical effects can be realized.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present application, and that those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is an architecture diagram of a Portal authentication system in a specific application scenario disclosed in an embodiment of the present application;
FIG. 2 is a flowchart of a Portal authentication method disclosed in an embodiment of the present application;
FIG. 3 is a flow chart of another Portal authentication method disclosed in the embodiments of the present application;
FIG. 4 is a timing diagram of a specific Portal authentication method disclosed in an embodiment of the present application;
FIG. 5 is a block diagram of a Portal authentication system disclosed in an embodiment of the present application;
FIG. 6 is a block diagram of an electronic device according to an embodiment of the disclosure;
FIG. 7 is a block diagram of another electronic device disclosed in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to ensure network security, identity authentication is usually performed before the Internet is accessed. Given the diversity of mobile terminals, installing an authentication client on the terminal for identity authentication is hard to achieve, while most intelligent terminals are equipped with web browsers, so identity authentication through a web page has become a feasible implementation. Portal authentication is exactly this: a mode of providing identity authentication to the user in the form of a web page.
In the conventional technology, the protocol used for Portal authentication docking mainly uses UDP messages, and the public-network Portal server actively sends authentication information to the intranet AC (Access Controller) device. An intranet, also called a Local Area Network (LAN), generally refers to a network formed in a specific environment; the IP address obtained by a computer on the intranet is an address reserved on the Internet. In contrast, the IP address obtained by a computer accessing the Internet through the public network is an ordinary Internet address, and a public-network computer and other computers on the Internet can access each other freely. Because the intranet cannot be reached directly from the external network, NAT (Network Address Translation) traversal has to be performed. A common NAT traversal solution generally uses port mapping, in which the AC devices of multiple branch sites all need to perform port mapping; if the network address of an AC device changes, the port mapping needs to be reconfigured; and not only must the AC device configure the address and docking parameters of the Portal server, the Portal server must also configure the mapped address and docking parameters of the AC device. The configuration process is complicated and time-consuming, and working efficiency is low.
Therefore, the embodiment of the application discloses a Portal authentication method, NAT penetration is not needed in the authentication process, the configuration process is simplified, and the working efficiency is effectively improved.
In order to facilitate understanding of the Portal authentication method provided in the present application, a system for use thereof will be described below. Referring to fig. 1, an architecture diagram of a Portal authentication system provided by an embodiment of the present application is shown. As shown in fig. 1, the system includes a user terminal 10, an access control device 20, a server 30 and an authentication center 40, and the user terminal 10 and the access control device 20, the access control device 20 and the server 30, and the access control device 20 and the authentication center 40 are connected in communication via a network 50. The user terminal 10, the access control device 20, the server 30 and the authentication center 40 may further include a processor, a memory, a communication interface, an input unit, a display, a communication bus, and the like, and the processor, the memory, the communication interface, the input unit, the display, and the communication bus complete communication therebetween.
In this application, the access control device 20 is configured to obtain an access request initiated by the user terminal 10, and return a login page to the user terminal 10 through the server 30, so that the user terminal 10 submits authentication information through the login page. Further, the server 30 may forward the authentication information to the authentication center 40 through the access control device 20 for authentication, and obtain a corresponding authentication result, and the server 30 may determine whether to allow the access request of the user terminal 10 to be responded to according to the authentication result.
Specifically, the user terminal 10 is configured to send an access request to the access control device 20, and may display a login page, which may specifically include but is not limited to a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like, or an intelligent wearable device.
It should be noted that the access control device 20 is a network device, such as a wireless controller, a switch or a router, responsible for managing the access points of a wireless network in a certain area; it integrates functions such as a layer-3 switch and an authentication system, so that configuration issuing, configuration modification and user access control can be implemented for the different access points. The server 30 of the present application may include, but is not limited to: a single web server, a server group of multiple web servers, or a cloud based on cloud computing consisting of a large number of computers or web servers. The authentication center 40 is configured to receive the authentication information transmitted by the access control device 20, authenticate it, and return the corresponding authentication result to the access control device 20.
It can be understood that the network 50 in the present application may be determined according to the network condition and the application requirement in the actual application process, and may be a wireless communication network, such as a mobile communication network or a WiFi network, or a wired communication network; either a wide area network or a local area network may be used as circumstances warrant.
Referring to fig. 2, a Portal authentication method disclosed in an embodiment of the present application includes:
S101: sending a TCP connection request to a Portal server, and establishing a TCP long connection with the Portal server;
In the embodiment of the application, the access control device actively initiates a TCP connection request to the Portal server so as to establish a long TCP (Transmission Control Protocol) connection with the Portal server. The TCP connection request may include, but is not limited to, identification information of the access control device, a connection password, and the like. The access control device is specifically a network device that can redirect all network requests in its management area that need identity authentication to the Portal server; during authentication it interacts with the Portal server to complete the identity authentication and authorization functions; after authentication passes, the user is allowed to access the authorized network resources.
It should be noted that TCP needs to establish a connection between server and client before the actual read and write operations, and both sides can release the connection after these are complete; establishing the connection requires a three-way handshake and releasing it a four-way handshake, which consumes considerable resources and time. For this reason, in a specific implementation, after the TCP long connection with the Portal server is established, the access control device may further send a heartbeat packet to the Portal server according to a preset time period so as to keep the long connection alive. That is, the access control device sends a heartbeat packet to the Portal server at a regular interval, and the Portal server replies with a heartbeat response after receiving it. If the heartbeat response for the heartbeat packet is not received from the Portal server within the preset time period, the Portal server is judged to be abnormal. Specifically, the preset time period may be set to 3 to 60 seconds, taking into account the network delay of public-network communication and the processing load of the Portal server; it may be set by the system by default, for example to three to five time periods, or set by the user according to the specific implementation scenario, which is not limited here.
S102: acquiring authentication information forwarded by the Portal server based on the established TCP long connection; the authentication information is submitted by the Portal server after the terminal equipment accesses the network and initiates a request for accessing the network;
in this step, the access control device may communicate with the Portal server based on the TCP long connection established in the above step. In the Portal authentication process, after the terminal equipment accesses the network and initiates a request for accessing the network, a Portal server can be used for providing a corresponding user interface or interface for the terminal equipment so that the terminal equipment can submit corresponding authentication information. After the Portal server receives the authentication information submitted by the terminal equipment, the authentication information can be forwarded to the access control equipment by utilizing the established TCP long connection.
It can be understood that, because a long TCP connection is used, the Portal server does not need to have the network parameters of the access control devices configured, and no port mapping needs to be performed for each access control device when the Portal server sends authentication information to them. In addition, communicating over the TCP long connection also removes the problem of the conventional technology, where a complex protocol is needed to ensure that the peer actually receives data when UDP packets are transmitted across a public-network environment.
S103: and determining an authentication result for authenticating the authentication information, and determining whether to allow the response to the network access request according to the authentication result.
After the access control equipment acquires the authentication information forwarded by the Portal server, the authentication information is authenticated and a corresponding authentication result is obtained, and then whether the access network request initiated by the current terminal equipment is allowed to be released or not can be selected according to the authentication result so as to determine whether the response is carried out on the access network request or not.
In a possible implementation, the process of determining the authentication result for the authentication information may specifically be: sending the authentication information to a Remote Authentication Dial In User Service (RADIUS) server, and acquiring the authentication result that the RADIUS server returns after authenticating the authentication information. That is, in the embodiment of the present application, after the access control device obtains the authentication information forwarded by the Portal server, it may forward the authentication information to the RADIUS server; the RADIUS server authenticates it, obtains the corresponding authentication result and returns the result to the access control device. Specifically, the RADIUS server is one kind of AAA (Authentication, Authorization, Accounting) server, and RADIUS is a protocol for exchanging authentication, authorization and accounting information between a network access server that needs to authenticate its links and a shared authentication server.
Specifically, the process of determining an authentication result for authenticating the authentication information and determining whether to allow the response to the network access request according to the authentication result may include: if the authentication result is authentication failure, forbidding to respond to the network access request, sending authentication error prompt information, and returning to the step of acquiring authentication information based on the established TCP long connection for re-authentication; and if the authentication result is that the authentication is successful, allowing the response to the network access request, and redirecting to the corresponding network address to respond to the network access request.
It can be understood that, if the authentication result corresponding to the authentication information is authentication failure, the terminal device is represented as not being authenticated, the response to the network access request initiated by the terminal device is prohibited, meanwhile, the authentication error prompt information can be displayed on the terminal device by using the authentication interface to prompt the user, and the step of obtaining the authentication information of the terminal device can be returned to perform authentication again. If the authentication result corresponding to the authentication information is successful, the terminal equipment is represented to pass the authentication, the response to the network access request initiated by the terminal equipment is allowed, and the network address corresponding to the network access request can be redirected, so that the terminal equipment accesses the corresponding network interface based on the network address. Specifically, the authentication information may include related information such as a user name and a password, and the RADIUS server is used to verify the validity of the user name and the password, and if the validity is verified, the authentication result corresponding to the current authentication information is successful; and if the validity check is not passed, the authentication result corresponding to the current authentication information is authentication failure.
If the Portal server is abnormal, the terminal devices that currently need to access the network cannot be authenticated, so their network access is cut off. Therefore, as a preferred implementation, after the Portal server is judged to be abnormal from the state of the long connection between the access control device and the Portal server, an escape strategy is started: the terminal device is given temporary authentication and authorization using the access control device's own authentication strategy, so that a terminal device that passes the access control device's authentication strategy can still access the network normally while the Portal server is abnormal, and the user experience is not harmed by a long network outage.
In addition, in a specific implementation manner, after the Portal server is judged to be abnormal, the embodiment of the application can also generate corresponding abnormal prompt information, and send the abnormal prompt information to the administrator terminal for exception handling prompt, so that the administrator can timely know the abnormal condition and timely handle the server abnormality, the server service is recovered as soon as possible, the abnormal time of the server is shortened, and the disaster tolerance effect of the system is improved.
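The following added example (not code from the patent or from Sangfor) shows how an access controller can implement the heartbeat supervision from S101 together with the escape strategy and administrator prompt described above. Time is passed in explicitly so the behaviour is deterministic; the heartbeat period, the "missed_limit" rule for judging the server abnormal, the terminal identifiers and the AC's local allow table are all assumptions constructed for the example.

```python
from enum import Enum
from typing import Dict, List, Set


class PortalState(Enum):
    NORMAL = "normal"      # heartbeat responses are arriving within the preset period
    ABNORMAL = "abnormal"  # no response in time: the escape policy is in force


class HeartbeatSupervisor:
    """AC-side liveness tracking for the long connection to the Portal server.

    period: preset heartbeat interval in seconds (the description suggests 3 to 60 s).
    missed_limit: assumption made for this example - the server is judged abnormal
    once no response has been seen for this many consecutive periods.
    """

    def __init__(self, period: float = 10.0, missed_limit: int = 3) -> None:
        self.period = period
        self.missed_limit = missed_limit
        self.state = PortalState.NORMAL
        self.last_response_at = 0.0
        self.next_send_at = 0.0
        self.sent: List[float] = []
        self.alerts: List[str] = []  # prompts that would be sent to the administrator terminal

    def tick(self, t: float) -> List[dict]:
        """Run from the AC main loop; returns heartbeat packets to write to the connection."""
        out: List[dict] = []
        if t >= self.next_send_at:
            out.append({"type": "heartbeat", "ts": t})
            self.sent.append(t)
            self.next_send_at = t + self.period
        silent_for = t - self.last_response_at
        if self.state is PortalState.NORMAL and silent_for > self.missed_limit * self.period:
            self.state = PortalState.ABNORMAL
            self.alerts.append(f"t={t:g}: no heartbeat response for {silent_for:g}s, escape policy started")
        return out

    def on_response(self, t: float) -> None:
        """Called when a heartbeat response arrives from the Portal server."""
        self.last_response_at = t
        if self.state is PortalState.ABNORMAL:
            self.state = PortalState.NORMAL
            self.alerts.append(f"t={t:g}: Portal server recovered, escape policy withdrawn")


class AccessController:
    """Decides how to treat a terminal's network access request."""

    def __init__(self, supervisor: HeartbeatSupervisor, local_allow: Dict[str, str]) -> None:
        self.supervisor = supervisor
        # The AC's own authentication strategy used during escape. Assumption for the
        # example: a static terminal -> role table; real devices would use their local rules.
        self.local_allow = local_allow
        self.authenticated: Set[str] = set()  # terminals already authenticated via the Portal

    def decide(self, terminal: str) -> str:
        if terminal in self.authenticated:
            return "allow"                  # already authenticated: respond to the request directly
        if self.supervisor.state is PortalState.NORMAL:
            return "redirect_to_portal"     # normal path: send the terminal to the Portal login page
        if terminal in self.local_allow:    # escape policy: temporary authorization by the AC
            return "allow_temporary"
        return "deny"


def run_scenario() -> dict:
    """Constructed timeline: the Portal answers heartbeats until t=31 s, is silent, and
    answers again from t=81 s. Returns the observable outcomes for inspection."""
    sup = HeartbeatSupervisor(period=10.0, missed_limit=3)
    ac = AccessController(sup, local_allow={"ac:11:22:33:44:55": "staff"})  # constructed sample
    ac.authenticated.add("de:ad:be:ef:00:01")
    abnormal_at = None
    decisions: Dict[int, Dict[str, str]] = {}
    for t in range(100):
        sup.tick(float(t))
        if (t <= 31 or t >= 80) and t % 10 == 1:   # a response arrives 1 s after each heartbeat
            sup.on_response(float(t))
        if abnormal_at is None and sup.state is PortalState.ABNORMAL:
            abnormal_at = t
        if t in (45, 75, 85):
            decisions[t] = {
                "escape_listed": ac.decide("ac:11:22:33:44:55"),
                "authenticated": ac.decide("de:ad:be:ef:00:01"),
                "unknown": ac.decide("00:00:00:00:00:99"),
            }
    return {"abnormal_at": abnormal_at, "heartbeats_sent": len(sup.sent),
            "decisions": decisions, "alerts": sup.alerts}


if __name__ == "__main__":
    for line in run_scenario()["alerts"]:
        print(line)
```

Note that the escape path is deliberately fail-open, so what it grants should be bounded by the AC's local rules (here the local_allow table) and logged, and the recovery transition should withdraw the temporary grants or let them expire.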
According to the scheme, the Portal authentication method provided by the application comprises the following steps: sending a TCP connection request to a Portal server and establishing a TCP long connection with the Portal server; acquiring authentication information forwarded by the Portal server over the established TCP long connection, the authentication information being submitted by the Portal server after the terminal device accesses the network and initiates a network access request; and determining an authentication result for the authentication information, and determining according to the authentication result whether to allow the response to the network access request. In this method, when Portal authentication is carried out, the access control device actively sends a TCP connection request to the Portal server so that a TCP long connection is established with it. In the subsequent authentication process, because a long connection exists between the Portal server and the access control device, the Portal server can send the authentication information directly, without NAT traversal. Because the access control device actively initiates the connection to the Portal server, only the docking parameters of the server need to be configured, on the access control device side; the address and docking parameters of the access control device do not need to be configured in advance on the Portal server side, and if the network address of the access control device changes, no reconfiguration is needed. The configuration process is thus simplified and working efficiency is effectively improved.
The embodiment of the application discloses another Portal authentication method, and compared with the previous embodiment, the embodiment further explains and optimizes the technical scheme. Referring to fig. 3, specifically:
S201: sending a TCP connection request to a Portal server, and establishing a TCP long connection with the Portal server;
S202: acquiring a network access request initiated by terminal equipment accessed to a network;
In the embodiment of the application, after the terminal device accesses the network, the terminal device may initiate a network access request to the access control device.
S203: judging whether the terminal equipment passes authentication; if not, go to step S204; if yes, go to step S207;
After the access control device obtains the network access request initiated by the terminal device, it may first determine whether the terminal device has already passed authentication. If it has not, the authentication process for the terminal equipment is entered.
S204: redirecting to an authentication page address of the Portal server to enable the terminal equipment to access a login page based on the authentication page address;
If the terminal equipment that initiated the network access request has not passed authentication, the access control equipment redirects it to the authentication page address of the Portal server, and the terminal equipment can access the login page through that authentication page address.
S205: acquiring authentication information which is forwarded by the Portal server and submitted by the terminal equipment through the login page based on the established TCP long connection;
In this step, after the terminal device accesses the corresponding login page through the authentication page address, the corresponding authentication information, such as a user name and a password, may be entered into the login page. After entry is completed, the Portal server may send the authentication information to the access control device over the TCP long connection established with the access control device.
S206: determining an authentication result for authenticating the authentication information, and determining whether to allow the response of the network access request according to the authentication result;
S207: directly responding to the network access request.
If the terminal equipment that initiated the network access request has already passed authentication, the network access request of the current terminal equipment can be released directly and responded to; terminal equipment that has passed authentication does not need to be authenticated repeatedly.
The embodiment of the application discloses a specific Portal authentication method. Referring to fig. 4, specifically: the branch access control equipment initiates a TCP connection to the Portal server, reports the unique identifier and other connection information of the access control equipment, and keeps the TCP long connection with the Portal server alive by sending heartbeats at regular intervals. The user terminal equipment first connects to the wireless network and initiates a network connection to an Access Point (AP); the Access Point returns an IP address and subnet mask allocated to the user terminal equipment through the Dynamic Host Configuration Protocol (DHCP), so that the user terminal equipment successfully accesses the network. The access point is the bridge for communication between the wireless network and the wired network, and is the core device for establishing the wireless local area network.
After accessing the network and acquiring the IP address, the user terminal device may initiate a request for accessing the network, for example, https:// www. And the access control equipment checks whether the user terminal equipment passes the authentication or not, and if the user terminal equipment does not pass the authentication, the access control equipment redirects to a Portal server authentication page address and carries the unique identifier of the access control equipment. The user terminal equipment acquires the login page by accessing the authentication page address, and the user can submit authentication information such as input user name and password through the login page.
After receiving the authentication information submitted by the user of the user terminal equipment through the login page, the Portal server forwards the authentication information to the access control equipment through its TCP long connection with the access control equipment. The access control equipment can forward the authentication information to the remote user dial-in authentication server (RADIUS) for authentication, obtain the authentication result and return it to the Portal server, and the Portal server can return the authentication result to the user. If the authentication is passed, the access control equipment releases the current network access request so that the user terminal equipment can access the Internet, returns the corresponding network address so that the user terminal equipment can access the network page at that address, and can record the IP address of the user terminal equipment, so that the equipment can use the network without authentication when it accesses the network again. If the authentication fails, the specific authentication failure error message for the user can be shown through the authentication page, and the login page is returned for re-authentication.
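The flow of steps S201 to S207 and the fig. 4 description, simulated end to end as an added example (this is not the patent's or Sangfor's code). Both sides are modelled in one process: the access control device opens the connection to the Portal server and registers with its unique identifier and connection password, as in claim 1, and the Portal server never has to connect back. The TCP long connection is stood in for by an in-memory queue, the RADIUS server by a callable, and every message field name, URL, device identifier and credential is a constructed assumption.

```python
"""Portal authentication flow: access control device (ACD) initiates the long
connection; Portal server routes submitted credentials back over it."""
import secrets
from collections import deque
from urllib.parse import urlencode


class PortalServer:
    """Holds one outbound queue per registered access control device."""

    def __init__(self, login_url, device_passwords):
        self.login_url = login_url                # authentication page address (assumed)
        self.device_passwords = device_passwords  # device_id -> expected connection password
        self.connections = {}                     # device_id -> queue standing in for the long connection
        self.user_results = []                    # results shown to the user's browser

    def accept_connection(self, device_id, conn_password, queue):
        """Register the device's long connection; reject unknown ids or wrong passwords."""
        expected = self.device_passwords.get(device_id)
        if expected is None or not secrets.compare_digest(expected, conn_password):
            return False
        self.connections[device_id] = queue
        return True

    def authentication_page(self, device_id, original_url):
        """Redirect target: carries the device identifier so the submitted
        credentials can be routed to the right long connection."""
        return f"{self.login_url}?{urlencode({'device': device_id, 'url': original_url})}"

    def submit_login(self, device_id, username, password, client_ip):
        """User submits the login page: forward over the existing connection."""
        queue = self.connections.get(device_id)
        if queue is None:
            return {"status": "error", "reason": "access control device not connected"}
        queue.append({"type": "auth", "user": username,
                      "password": password, "ip": client_ip})
        return {"status": "forwarded"}

    def report_result(self, client_ip, success, detail):
        """The device returns the result; the Portal server shows it to the user."""
        self.user_results.append({"ip": client_ip, "success": success, "detail": detail})


class AccessControlDevice:
    """Branch device: initiates the connection and enforces access (S203 to S207)."""

    def __init__(self, device_id, conn_password, portal, radius_check):
        self.device_id = device_id
        self.portal = portal
        self.radius_check = radius_check  # callable(user, password) -> bool; stands in for RADIUS
        self.inbox = deque()              # messages arriving over the long connection
        self.authenticated_ips = set()    # IPs released after successful authentication
        self.connected = portal.accept_connection(device_id, conn_password, self.inbox)

    def handle_access_request(self, client_ip, url):
        """S203: authenticated -> S207 (respond directly); otherwise S204 (redirect)."""
        if client_ip in self.authenticated_ips:
            return {"action": "allow", "url": url}
        return {"action": "redirect",
                "url": self.portal.authentication_page(self.device_id, url)}

    def process_inbox(self):
        """S205/S206: authenticate forwarded credentials and report back."""
        outcomes = []
        while self.inbox:
            msg = self.inbox.popleft()
            if msg.get("type") != "auth":
                continue
            ok = self.radius_check(msg["user"], msg["password"])
            if ok:
                self.authenticated_ips.add(msg["ip"])  # later requests pass without re-auth
                self.portal.report_result(msg["ip"], True, "authentication passed")
            else:
                self.portal.report_result(msg["ip"], False, "wrong user name or password")
            outcomes.append((msg["ip"], ok))
        return outcomes


def run_scenario():
    """Drive a constructed session and return the observable outcomes."""
    users = {"alice": "correct horse"}  # constructed RADIUS user database
    portal = PortalServer("https://portal.example.test/login",
                          {"branch-01": "shared-connection-secret"})
    acd = AccessControlDevice("branch-01", "shared-connection-secret", portal,
                              lambda u, p: users.get(u) == p)
    # a device presenting the wrong connection password is not registered
    rogue = AccessControlDevice("branch-01", "wrong-secret", portal, lambda u, p: False)
    first = acd.handle_access_request("10.0.0.5", "https://www.example.test/")
    # the browser follows the redirect and the user submits the login page twice
    portal.submit_login("branch-01", "alice", "wrong", "10.0.0.5")
    acd.process_inbox()
    portal.submit_login("branch-01", "alice", "correct horse", "10.0.0.5")
    acd.process_inbox()
    second = acd.handle_access_request("10.0.0.5", "https://www.example.test/")
    unknown = portal.submit_login("branch-99", "alice", "correct horse", "10.0.0.6")
    return {"connected": acd.connected, "rogue_connected": rogue.connected,
            "first": first, "second": second,
            "results": portal.user_results, "unknown": unknown}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The identifier carried in the redirect is what lets the Portal server find the right outbound queue, which is the piece that removes the need for NAT traversal; the connection password check in `accept_connection` is the corresponding control on the server side, since otherwise anything that can reach the Portal server could register under a branch's identifier and receive its users' credentials.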
In the embodiment of the application, the access control equipment actively initiates connection, only the access control equipment needs to configure the address of the Portal server, and the Portal server does not need to configure the network parameters of the access control equipment.
Further, by using the TCP long connection, the access control device can judge whether the Portal server is operating normally by monitoring the state of the TCP connection. Specifically, the access control equipment sends a heartbeat request to the Portal server at regular intervals, and the Portal server replies with a heartbeat response after receiving it; if the access control equipment does not receive a heartbeat response from the Portal server within a certain time threshold, the Portal server is judged to be abnormal. The time threshold may be defined as the transmission period of three heartbeat requests.
If the access control equipment detects that the Portal server is abnormal, the escape strategy can be started: the local authentication strategy of the access control equipment is used to authenticate and authorize the terminal equipment, so that the equipment does not lose network access for a long time because of the server fault. Meanwhile, a message can be sent to the administrator so that the abnormality of the Portal server is handled promptly, improving the disaster recovery effect of the system.
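The heartbeat check and escape strategy of the two paragraphs above, and the administrator alert of the earlier paragraph, as an added example (not the patent's or Sangfor's code). The time source is a plain number supplied by the caller so the logic runs offline; the heartbeat period, the lifetime of a temporary local grant and the message shapes are constructed assumptions. The abnormal threshold follows the text: three heartbeat periods without a response.

```python
"""Heartbeat liveness check over the long connection, escape to the local
authentication policy while the Portal server is abnormal, admin alerting."""

HEARTBEAT_PERIOD = 10.0   # seconds between heartbeat requests (assumed value)
MISSED_LIMIT = 3          # periods without a response before the server is judged abnormal
ESCAPE_GRANT_TTL = 600.0  # lifetime of a temporary local authorization (assumed value)


class HeartbeatMonitor:
    """Tracks heartbeat responses and alerts the administrator once per
    transition into, and once per recovery from, the abnormal state."""

    def __init__(self, start, period=HEARTBEAT_PERIOD, missed_limit=MISSED_LIMIT):
        self.period = period
        self.timeout = period * missed_limit
        self.last_sent = start
        self.last_response = start  # the connection has just been established
        self.abnormal = False
        self.alerts = []            # messages destined for the administrator terminal

    def heartbeat_due(self, now):
        return now - self.last_sent >= self.period

    def send_heartbeat(self, now):
        self.last_sent = now
        return {"type": "heartbeat", "ts": now}

    def on_heartbeat_response(self, now):
        self.last_response = now
        if self.abnormal:
            self.abnormal = False
            self.alerts.append(f"[{now:.0f}s] Portal server heartbeat restored; leaving escape mode")

    def server_abnormal(self, now):
        """True once the server has been silent longer than the threshold."""
        silent = now - self.last_response
        if silent > self.timeout and not self.abnormal:
            self.abnormal = True
            self.alerts.append(f"[{now:.0f}s] Portal server abnormal: no heartbeat response "
                               f"for {silent:.0f}s; escape strategy active")
        return self.abnormal


class EscapeAuthenticator:
    """Portal/RADIUS path while the server is healthy; local policy with a
    time-limited grant while it is judged abnormal."""

    def __init__(self, monitor, portal_auth, local_policy):
        self.monitor = monitor
        self.portal_auth = portal_auth    # callable(user, password) -> bool
        self.local_policy = local_policy  # callable(user, password) -> bool

    def authenticate(self, now, user, password):
        if self.monitor.server_abnormal(now):
            if self.local_policy(user, password):
                return {"granted": True, "source": "local", "expires": now + ESCAPE_GRANT_TTL}
            return {"granted": False, "source": "local"}
        return {"granted": self.portal_auth(user, password), "source": "portal"}


def server_alive(t):
    """Constructed fault timeline: the Portal server answers until t=20s,
    stays silent, and comes back at t=70s."""
    return t <= 20 or t >= 70


def simulate():
    """Run the timeline at 10 s steps; return the monitor and per-step results."""
    monitor = HeartbeatMonitor(start=0.0)
    auth = EscapeAuthenticator(
        monitor,
        portal_auth=lambda u, p: (u, p) == ("alice", "pw"),      # constructed RADIUS users
        local_policy=lambda u, p: u in {"alice", "bob"})         # constructed local policy
    timeline = {}
    for step in range(0, 81, 10):
        now = float(step)
        if monitor.heartbeat_due(now):
            monitor.send_heartbeat(now)
            if server_alive(now):
                monitor.on_heartbeat_response(now)
        timeline[now] = auth.authenticate(now, "bob", "anything")
    return monitor, timeline


if __name__ == "__main__":
    mon, results = simulate()
    for t, r in results.items():
        print(f"t={t:>4.0f}s {r}")
    print("\n".join(mon.alerts))
```

With the last response at t=20 s, the device is still on the Portal path at t=50 s (exactly three periods of silence) and switches to the local policy at t=60 s; the local grant carries an expiry so that escape-mode authorizations do not outlive the outage, and the recovery at t=70 s moves new requests back to the Portal path and produces the second administrator message.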
In the following, a description is given of a Portal authentication system provided in an embodiment of the present application, and a Portal authentication system described below and a Portal authentication method described above may be referred to each other.
Referring to fig. 5, an embodiment of the present application provides a Portal authentication system, including:
a connection establishing module 301, configured to send a TCP connection request to a Portal server, and establish a TCP long connection with the Portal server;
an authentication obtaining module 302, configured to obtain, based on the established TCP long connection, authentication information forwarded by the Portal server; the authentication information is submitted by the Portal server after the terminal equipment accesses the network and initiates a request for accessing the network;
a result determining module 303, configured to determine an authentication result for authenticating the authentication information, and determine whether to allow a response to the network access request according to the authentication result.
For the specific implementation process of the modules 301 to 303, reference may be made to the corresponding content disclosed in the foregoing embodiments, and details are not described herein again.
In the above Portal authentication system, when Portal authentication is carried out, the access control equipment actively sends a TCP connection request to the Portal server, so that a TCP long connection is established with the Portal server. In the subsequent authentication process, because a long connection exists between the Portal server and the access control equipment, the Portal server can send authentication information directly without NAT traversal. In addition, because the connection is actively initiated to the Portal server by the access control equipment, the address and docking parameters of the access control equipment do not need to be configured in advance on the Portal server side; the configuration process is simplified and working efficiency is effectively improved.
The present application further provides an electronic device, and as shown in fig. 6, an electronic device provided in an embodiment of the present application includes:
a memory 100 for storing a computer program;
the processor 200, when executing the computer program, may implement the steps provided by the above embodiments.
Specifically, the memory 100 includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and computer-readable instructions, and the internal memory provides an environment for the operating system and the computer-readable instructions in the non-volatile storage medium to run. The processor 200 may be a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor or other data processing chip in some embodiments, and provides computing and controlling capability for the electronic device; when it executes the computer program stored in the memory 100, the steps of the Portal authentication method disclosed in any of the foregoing embodiments may be implemented.
On the basis of the above embodiment, as a preferred implementation, referring to fig. 7, the electronic device further includes:
an input interface 300 connected to the processor 200, for acquiring computer programs, parameters and instructions imported from the outside, and storing the computer programs, parameters and instructions into the memory 100 under the control of the processor 200. The input interface 300 may be connected to an input device for receiving parameters or instructions manually input by a user. The input device may be a touch layer covering a display screen, a button, a track ball or a touch pad arranged on the terminal shell, or a keyboard, a touch pad or a mouse, etc.
A display unit 400, connected to the processor 200, for displaying data processed by the processor 200 and for displaying a visualized user interface. The display unit 400 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch panel, or the like.
a network port 500 connected to the processor 200 for establishing a communication connection with each external terminal device. The communication technology adopted by the communication connection can be a wired or a wireless communication technology, such as Mobile High-Definition Link (MHL), Universal Serial Bus (USB), High Definition Multimedia Interface (HDMI), wireless fidelity (WiFi), Bluetooth, Bluetooth Low Energy, IEEE 802.11s-based communication, and the like.
Fig. 7 shows only an electronic device having components 100-500, and those skilled in the art will appreciate that the structure shown in fig. 7 is not limiting of electronic devices and may include fewer or more components than shown, or some components may be combined, or a different arrangement of components.
The present application also provides a computer-readable storage medium, which may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk. The storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the Portal authentication method disclosed in any of the foregoing embodiments.
In this method, when Portal authentication is carried out, the access control device actively sends a TCP connection request to the Portal server, so that a TCP long connection is established with the Portal server. In the subsequent authentication process, because a long connection exists between the Portal server and the access control device, the Portal server can send authentication information directly without NAT traversal. Because the connection is actively initiated to the Portal server by the access control device, the address and docking parameters of the access control device do not need to be configured in advance on the Portal server side; the configuration process is simplified and working efficiency is effectively improved.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.

Claims (9)

1. A Portal authentication method is characterized by comprising the following steps:
sending a TCP connection request to a Portal server, and establishing a TCP long connection with the Portal server; the TCP connection request comprises identification information and a connection password of the access control equipment;
acquiring authentication information forwarded by the Portal server based on the established TCP long connection; the authentication information is submitted by the Portal server after the terminal equipment accesses the network and initiates a network access request;
determining an authentication result for authenticating the authentication information, and determining whether to allow the response of the network access request according to the authentication result;
further comprising: if the Portal server is abnormal, the terminal equipment is subjected to temporary authentication and authorization by using the authentication strategy of the access control equipment, so that the authenticated terminal equipment can normally access the network.
2. The Portal authentication method according to claim 1, wherein said sending a TCP connection request to a Portal server, after establishing a TCP long connection with said Portal server, comprises:
sending a heartbeat packet to the Portal server according to a preset time period so as to maintain the TCP long connection;
and if the heartbeat response returned by the Portal server aiming at the heartbeat packet is not received within a preset time period, judging that the Portal server is abnormal.
3. The Portal authentication method of claim 2, wherein, after determining that the Portal server is abnormal, the method further comprises:
and generating corresponding abnormal prompt information, and sending the abnormal prompt information to an administrator terminal for performing abnormal processing prompt.
4. The Portal authentication method according to claim 1, wherein before acquiring the authentication information forwarded by the Portal server based on the established TCP long connection, the method further comprises:
acquiring a network access request initiated by terminal equipment accessed to a network;
judging whether the terminal equipment passes authentication;
if yes, skipping the step of obtaining authentication information based on the established TCP long connection, and directly responding to the network access request;
if not, entering the step of obtaining authentication information based on the established TCP long connection;
the obtaining of the authentication information forwarded by the Portal server based on the established TCP long connection comprises the following steps:
if the terminal equipment is not authenticated, redirecting to an authentication page address of the Portal server so that the terminal equipment accesses a login page based on the authentication page address;
and acquiring authentication information which is forwarded by the Portal server and submitted by the terminal equipment through the login page based on the established TCP long connection.
5. The Portal authentication method of claim 1, wherein the determining an authentication result for authenticating the authentication information comprises:
and sending the authentication information to a remote user dialing authentication server, and acquiring an authentication result which is returned by the remote user dialing authentication server and is obtained after the authentication information is authenticated.
6. The Portal authentication method according to any of the claims 1 to 5, wherein said determining an authentication result for authenticating the authentication information and determining whether to allow a response to the request for access to the network according to the authentication result comprises:
if the authentication result is authentication failure, forbidding to respond to the network access request, sending authentication error prompt information, and returning to the step of acquiring authentication information based on the established TCP long connection for re-authentication;
and if the authentication result is that the authentication is successful, allowing the response to the network access request and redirecting to the corresponding network address.
7. A Portal authentication system, comprising:
the connection establishing module is used for sending a TCP connection request to a Portal server and establishing a TCP long connection with the Portal server; the TCP connection request comprises identification information and a connection password of the access control equipment;
the authentication acquisition module is used for acquiring the authentication information forwarded by the Portal server based on the established TCP long connection; the authentication information is submitted by the Portal server after the terminal equipment accesses the network and initiates a network access request;
a result determining module, configured to determine an authentication result for authenticating the authentication information, and determine whether to allow a response to the network access request according to the authentication result; further comprising: if the Portal server is abnormal, the terminal equipment is subjected to temporary authentication and authorization by using the authentication strategy of the access control equipment, so that the authenticated terminal equipment can normally access the network.
8. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the Portal authentication method according to any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the Portal authentication method according to any of the claims 1 to 6.
CN201911351208.7A 2019-12-24 2019-12-24 Portal authentication method, portal authentication system, electronic equipment and storage medium Active CN111049946B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911351208.7A CN111049946B (en) 2019-12-24 2019-12-24 Portal authentication method, portal authentication system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111049946A CN111049946A (en) 2020-04-21
CN111049946B true CN111049946B (en) 2023-03-24

Family

ID=70239331

Country Status (1)

Country Link
CN (1) CN111049946B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202813B (en) * 2020-10-29 2023-04-18 杭州迪普科技股份有限公司 Network access method and device
CN115243340A (en) * 2021-04-06 2022-10-25 杭州海康威视数字技术股份有限公司 Equipment linkage method, system and device and electronic equipment
CN113824791B (en) * 2021-09-23 2023-03-21 深信服科技股份有限公司 Access control method, device, equipment and readable storage medium
CN114301660A (en) * 2021-12-27 2022-04-08 西安广和通无线软件有限公司 Multi-server authentication method, device, equipment and storage medium
CN114567600B (en) * 2022-01-27 2024-04-16 深圳市潮流网络技术有限公司 Traffic management method and related equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1625881A (en) * 2002-09-27 2005-06-08 松下电器产业株式会社 Server, device, and communication system connected to the internet
CN101409669A (en) * 2008-09-09 2009-04-15 上海第二工业大学 Four-layer load-equalizing switch base on hardware and exchanging method thereof
EP2169916A1 (en) * 2008-09-24 2010-03-31 Nokia Siemens Networks OY Method and device for data processing in a network component and communication system comprising such device
CN102790813A (en) * 2012-08-06 2012-11-21 中国联合网络通信集团有限公司 Communication method as well as system and terminal equipment based on IPv6 (internet protocol version 6) network
CN106658224A (en) * 2016-12-21 2017-05-10 厦门普杰信息科技有限公司 Method for transferring audio and video data streams based on TCP mode of DSS time sharing system
CN106656911A (en) * 2015-10-29 2017-05-10 华为技术有限公司 Portal authentication method, access device and management server

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103986793B (en) * 2013-02-07 2018-05-15 新华三技术有限公司 A kind of method and system of lifting Portal certification IP address service efficiencies
CN103618706B (en) * 2013-11-19 2018-11-02 深圳Tcl新技术有限公司 The control system and method that smart machine mutually accesses
CN103685241A (en) * 2013-11-26 2014-03-26 中国科学院计算技术研究所 Adaptive heartbeat method and adaptive heartbeat system for maintaining long connection of TCP (transmission control protocol)
CN103888451B (en) * 2014-03-10 2017-09-26 百度在线网络技术(北京)有限公司 Authorization method, the apparatus and system of certification
CN105991641A (en) * 2015-08-06 2016-10-05 杭州迪普科技有限公司 Portal authentication method and portal authentication device
CN105516981A (en) * 2015-12-21 2016-04-20 深圳维盟科技有限公司 Intelligent WiFi authentication system
CN105898786A (en) * 2016-04-12 2016-08-24 上海斐讯数据通信技术有限公司 Access point escape method and access point escape system
CN110166432B (en) * 2019-04-17 2023-10-17 平安科技(深圳)有限公司 Method for accessing intranet target service and method for providing intranet target service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant