CN105871853A - Portal authenticating method and system - Google Patents
Portal authenticating method and system Download PDFInfo
- Publication number
- CN105871853A CN105871853A CN201610220552.2A CN201610220552A CN105871853A CN 105871853 A CN105871853 A CN 105871853A CN 201610220552 A CN201610220552 A CN 201610220552A CN 105871853 A CN105871853 A CN 105871853A
- Authority
- CN
- China
- Prior art keywords
- portal authentication
- access point
- http
- terminal
- portal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 230000004044 response Effects 0.000 claims abstract description 83
- 238000012545 processing Methods 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 235000009776 Rathbunia alamosensis Nutrition 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 244000089409 Erythrina poeppigiana Species 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 244000097202 Rathbunia alamosensis Species 0.000 description 1
- 206010000210 abortion Diseases 0.000 description 1
- 231100000176 abortion Toxicity 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 239000004744 fabric Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Multimedia (AREA)
- Information Transfer Between Computers (AREA)
Abstract
This invention provides a portal authenticating method and system. The method comprises the following steps: a terminal sends a first HTTP (Hyper Text Transport Protocol) request to an access point and receives a first HTTP response returned by the access point; a status code of the first HTTP response comprises a redirection jump code based on browser identification; the redirection jump code comprises a uniform resource locator of the portal authentication; the terminal acquires the uniform resource locator of the portal authentication in the first HTTP response, and requests the portal authentication to an authentication server based on the uniform resource locator of the portal authentication. By adopting the method and the system provided in the invention, a plenty of invalid HTTP data packets are reduced to the authentication server, so that the processing pressure of the authentication server is relieved; and thus, a better network service is provided for the access point.
Description
Technical field
The present embodiments relate to communication technical field, particularly relate to a kind of portal authentication method and be
System.
Background technology
Current era is the epoch of a mobile interchange, in numerous public places, such as: hotel,
The place that the artificial abortions such as coffee shop, school, station, market are numerous, businessman in order to customer retaining,
Solving client's indulging in the internet when purchase and consumption and wait, often configuration WAP provides
Surf the Net use to numerous clients, and this traditional input pin mode not only brings to management
Inconvenience greatly, also has certain insecurity simultaneously.Therefore current the most either family is still
In public environment, all there is numerous wireless WIFI network, especially public
In business environment, people generally utilize the mobile device in hands to access exterior I nternet network,
And the businessman in business environment all compares emphasis commercial interest, so typically will not provide " freely "
Wireless network for user, the wireless network that businessman provides generally requires Portal certification,
Having another name called portal authentication, user is by cell-phone number, QQ account, wechat account or microblog account etc.
It is authenticated online.Portal authentication mode have need not install Authentication Client, reduce visitor
The maintenance workload of family end, it is simple to operation, can commence business on the Portal page expansion, skill
The advantages such as art is ripe and be widely used in the network such as operator, school.
At present, often at Hook Function defined in embedded Linux kernel, then kidnap also
Resolve user terminal and be dealt into the HTTP message of access point, therefrom get some network informations,
One conditional code of structure is the HTTP bag of " 302 Found " immediately after, this 302 Found
In conditional code packet header, location field contains the URL of the certificate server of setting
(Uniform Resoure Locator, URL), has constructed HTTP packet
Send function by kernel message data afterwards and be sent to user terminal, when user terminal receives 302
During the respond packet of Found conditional code, parse the URL of certificate server, again take to certification
Business device obtains authentication page.
But, this interactive mode existing defects, such as current intelligent terminal one starts shooting, backstage
Just starting substantial amounts of application (APP), these APP access after WIFI network in terminal,
Also can carry out communication with server, send substantial amounts of HTTP packet, access response 302 shapes
After state code packet, application backstage also can be gone to connect certificate server, and application itself cannot
The authentication page that gets of display, cause the most invalid HTTP to server, if certification takes
Business device hardware configuration is the lowest, or supports number of concurrent very little, may cause from browsing time serious
The HTTP message of device cannot process in time and lose.
Summary of the invention
The invention provides a kind of portal authentication method and system, it is possible to it is substantial amounts of invalid to significantly reduce
HTTP packet, to certificate server, alleviates certificate server processing pressure, thus is access point
More preferable network service is provided.
The present invention provides a kind of portal authentication method, and described method is applied in terminal, including: eventually
Hold and send the first HTTP request to access point, and receive the first http response that access point returns,
The conditional code of described first http response includes that redirection based on browser identification redirects code,
Described redirection redirects code and includes the URL of portal authentication;Terminal obtains first
The URL of the portal authentication in http response, and unification based on described portal authentication
URLs asks portal authentication to certificate server.
Further, described redirection based on browser identification redirects code for using javascript
The redirection that language is write redirects code;Terminal sends the first HTTP request to access point, and connects
Receive the first http response that access point returns, including: terminal sends a HTTP to access point
Request, if the MAC Address of described terminal is not in the forwarding list of access point, then access point
Kidnap described first HTTP request, and include that described use javascript language is compiled to terminal return
The redirection write redirects the first http response of code.
Further, the unified resource of the portal authentication during described terminal obtains the first http response
Finger URL, and URL based on described portal authentication asks entrance to certificate server
Certification, is pre-configured with the URL of portal authentication including: access point, and by described enter
The URL of mouth certification is saved in the forwarding list of access point;Terminal is sent out to access point
Send the second HTTP request, if described second HTTP request includes the forwarding of described access point
The URL of the portal authentication in list, then access point is by described second HTTP request
It is transmitted to certificate server.
Further, after described second HTTP request is transmitted to certificate server, also include:
After certificate server receives described second HTTP request, included to terminal return by access point
Second http response of portal authentication requests for page data;Terminal receives the second http response
After, identify portal authentication requests for page data and by browser display portal authentication requests for page;
After terminal gets portal authentication information by described portal authentication requests for page, described entrance is recognized
Card information is carried in the 3rd HTTP request, and by access point by described 3rd HTTP request
It is transmitted to certificate server.
Further, after described 3rd HTTP request is transmitted to certificate server, also include:
After certificate server receives described 3rd HTTP request, obtain portal authentication information;If root
Judge by certification according to described portal authentication information, then will be carried the 3rd by authentication information
In http response, and by access point, described 3rd http response will be returned to terminal;If
Judge not over certification according to described portal authentication information, then will take not over authentication information
Band is in the 3rd http response, and described 3rd http response will be returned to by access point
Terminal.
Further, described method also includes: if judging to lead to according to described portal authentication information
Crossing certification, access point will be added in forwarding list by the MAC Address of the terminal of certification.
The embodiment of the present invention provides a kind of portal authentication system, including: terminal, for access point
Send the first HTTP request;Access point, is used for receiving described first HTTP request, and returns
The first http response, the conditional code of described first http response includes based on browser identification
Redirection redirect code, described redirection redirects code and includes that the unified resource of portal authentication is fixed
Position symbol;Described terminal, is additionally operable to receive described first http response, and from a described HTTP
Response obtains the URL of portal authentication, unified resource based on described portal authentication
Finger URL asks portal authentication to certificate server;Certificate server, for carrying out described terminal
Portal authentication.
Further, described redirection based on browser identification redirects code for using javascript
The redirection that language is write redirects code;Described access point receives described first HTTP request, and
The first http response returned, particularly as follows: the HTTP that access point receives terminal transmission please
Asking, if the MAC Address of described terminal is not in the forwarding list of access point, then access point is robbed
Hold described first HTTP request, and include that described use javascript language is write to terminal return
Redirection redirect the first http response of code.
Further, described access point, it is additionally operable to: the unified resource being pre-configured with portal authentication is fixed
Position symbol, and the URL of described portal authentication is saved in the forwarding list of access point;
Described terminal obtains the URL of portal authentication, base from described first http response
URL in described portal authentication asks portal authentication to certificate server, particularly as follows:
Terminal sends the second HTTP request to access point, if the entrance in described second HTTP request
The URL of certification is in the forwarding list of described access point, then access point is by described
Two HTTP request are transmitted to certificate server, and certificate server receives described 2nd HTTP please
After asking, included the 2nd HTTP of portal authentication requests for page data to terminal return by access point
Response;After terminal receives the second http response, identify portal authentication requests for page data and lead to
Cross browser display portal authentication requests for page;Terminal is obtained by described portal authentication requests for page
After portal authentication information, described portal authentication information is carried in the 3rd HTTP request, and
By access point, described 3rd HTTP request is transmitted to certificate server;Certificate server receives
After described 3rd HTTP request, obtain portal authentication information;If according to described portal authentication
Information is judged by certification, then will be carried in the 3rd http response by authentication information, and
By access point, described 3rd http response will be returned to terminal;If recognized according to described entrance
Card information is judged not over certification, then will carry at the 3rd HTTP not over authentication information
In response, and by access point, described 3rd http response will be returned to terminal.
Further, described access point, it is additionally operable to: if judged according to described portal authentication information
Go out by certification, then will be added in forwarding list by the MAC Address of the terminal of certification.
Not only HTTP packet can be sent Portal certification when, just in prior art
Will also tend to the transmission HTTP packet of discontinuity in the application run, it is the most invalid to cause having
HTTP packet be sent to certificate server, HTTP message may be caused to process in time
And the defect lost, the portal authentication method of the present invention and system, by providing a kind of HTTP to ring
Should wrap, as the respond packet of Portal certification, the conditional code of the respond packet of this Portal certification is different
Being 302 Found conditional codes in traditional Portal, browser receives the respond packet of Portal certification
Rear just can jump to Portal certificate server page;If receive is not the response of Portal certification
Bag, then terminate this and connect, thus significantly reduce substantial amounts of invalid HTTP packet and take to certification
Business device, alleviates certificate server processing pressure, provides more preferable network service for access point.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will
The accompanying drawing used required in embodiment or description of the prior art is briefly described, aobvious and easy
Insight, the accompanying drawing in describing below is some embodiments of the present invention, for ordinary skill
From the point of view of personnel, on the premise of not paying creative work, it is also possible to obtain it according to these accompanying drawings
His accompanying drawing.
Fig. 1 is the schematic flow sheet of portal authentication method in the embodiment of the present invention;
Fig. 2 is 200 OK conditional code and tradition of the first http response in the embodiment of the present invention
The contrast schematic diagram of 302 Found conditional codes of http response bag;
Fig. 3 is the schematic diagram of the portal authentication method illustrated in the embodiment of the present invention;
The configuration diagram of the portal authentication system illustrated in Fig. 4 embodiment of the present invention.
Detailed description of the invention
For making the purpose of the embodiment of the present invention, technical scheme and advantage clearer, below in conjunction with
Accompanying drawing in the embodiment of the present invention, carries out clear, complete to the technical scheme in the embodiment of the present invention
Ground describes, it is clear that described embodiment is a part of embodiment of the present invention rather than whole
Embodiment.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creation
The every other embodiment obtained under property work premise, broadly falls into the scope of protection of the invention.
In order to be better understood from the present invention, below involved technology point is simply introduced.
AP: be equivalent to wireless exchange board, it is the access point that wireless terminal uses cable network, main
Network design etc. in the deployment of home broadband to be used for, Intranet and business environment.
Cloud AC: namely wireless local net access controller, it is responsible for after the data summarization of all AP
Access Internet, simultaneously can with some device parameters of Remote configuration AP, such as bandwidth speed limiting,
The parameters such as Portal function, security function.
Portal certification: namely web authentication, it is simply that user Internet to be used, need first to carry out
Authentication, then could use Internet network,.
The interaction of traditional Portal certification, substantially can be such that
1., when unauthenticated user accesses network, Web browser address field inputs a Internet
Address, then this HTTP request through access device can be redirected to Portal service
On the web authentication homepage of device;
2. user submits to after input authentication information in certification homepage/authentication dialog, Portal server
The authentication information of user can be passed to access device;
3. access device is authenticated and charging with certification/accounting server communication again;
4. after certification is passed through, if user not being used security strategy, then access device can open user
Path with the Internet, it is allowed to user accesses the Internet;If user be have employed security strategy,
Then the safety detection of user with Security Policy Server alternately, is passed through it by client, access device
After, Security Policy Server accesses unlimited resources according to the security authorization user of user.
But, the most not only can send HTTP packet Portal certification when, transport
The application of row will also tend to the transmission HTTP packet of discontinuity, and it is the most invalid to cause having
HTTP packet is sent to certificate server, and HTTP message may be caused cannot to process in time and lose
Lose.
Relative to prior art, this method embodiment by providing a kind of http response bag, as
The respond packet of Portal certification, the conditional code of the respond packet of this Portal certification is different from traditional
Portal is 302 Found conditional codes, and browser could be jumped after receiving the respond packet of Portal certification
Forward Portal certificate server page to;If receive is not the respond packet of Portal certification, then tie
Shu Benci connects.
Fig. 1 is the schematic flow sheet of portal authentication method in the embodiment of the present invention, as it is shown in figure 1,
Including:
Step S11, if access point receives the first HTTP request of self terminal, returns to terminal
Returning the first http response, the conditional code of described first http response includes based on browser identification
Redirection redirect code, described redirection redirects code and includes Portal URL.
Step S12, if access point receive terminal send include the second of Portal URL
After HTTP request, ask Portal certification according to Portal URL to certificate server.
Compared to the prior art, terminal carries out Portal to access point transmission in embodiments of the present invention
After first HTTP request of certification, access point is not forwarded directly in upper level network,
But the first http response of unconventional 302 Found conditional codes is returned to terminal.
Being compared to prior art, the conditional code of this first http response is different from tradition HTTP
302 Found conditional codes of respond packet, the conditional code that such as can arrange the first http response is
200 OK, the title of certain conditional code can be other representation, does not do concrete limit at this
System.
In embodiments of the present invention, 200 OK conditional codes of the first http response and tradition HTTP
The contrast of 302 Found conditional codes of respond packet is as shown in Figure 2.In the first http response 200
Including the redirection using javascript language to write in OK conditional code and redirect code, this resets
Include Portal URL to redirecting code, be also required to the most on an access point be pre-configured with certification clothes
The Portal URL of business device.
Because the most only the code that javascrip language is write just supported by browser, terminal gets
After 200 OK conditional codes of the first http response, can be at browser page according to javascript
The redirection that language is write redirects the Portal URL in code and initiates the second HTTP request, thus
Access point can ask Portal certification according to Portal URL to certificate server.And APP is usual
Do not support the code that javascript language is write, thus without jumping to certificate server.Thus may be used
To find out, the present invention can significantly reduce substantial amounts of invalid HTTP packet to certificate server,
Thus alleviate certificate server processing pressure.
Fig. 3 is the schematic diagram of the portal authentication method illustrated in the embodiment of the present invention.To access
As a example by Sina's domain name " sina.com.cn ", need first to have configured certificate server Portal URL and arrive
AP, such as " portal.com ".As it is shown on figure 3, include:
Terminal access sina.com.cn, send http request a to AP, AP detect this
Be not forwarded directly in upper level network after one http request, but AP kidnap this first
Http request, then forges the http response that conditional code is 200 OK and returns to
Terminal.
After terminal receives this http request, resolved by the browser of terminal, find
The conditional code of this http request there is the redirection using javascript language to write redirect code,
The 2nd http can be sent to AP according to the Portal URL address that this redirection redirected in generation
request。
After AP receives the 2nd http request, forward the 2nd http to certificate server
request.It should be noted that this Portal URL can be previously placed in the white list of AP, no
Can be kidnapped by AP, otherwise AP receives second and also can kidnap this Portal URL, causes circulation to be jumped
Turn.
After certificate server receives the 2nd http request, by Portal certification requests for page data with
The form of the 2nd http response is sent to after AP, AP receive the 2nd http response, turn
Issue terminal.
After terminal receives the 2nd http response, go out portal certification page by browser display,
Insert authentication information, then send the 3rd http request including Portal authentication data to AP.
After AP receives the 3rd http request, forward the 3rd http to certificate server
request。
After certificate server receives the 3rd http request, obtain the Portal authentication data of terminal.
If Portal certification is passed through, then Portal certification is carried at the 3rd http response by information
In return to the terminal that this Portal certification is passed through by AP, AP mac address information add white name
Single, the most no longer kidnap all packets of this terminal, if certification is not passed through, return authentication loses
Losing information, user needs certification again until certification is successful.
Fig. 4 is the configuration diagram of portal authentication system in the embodiment of the present invention.As shown in Figure 4,
A kind of portal authentication system, including:
Terminal, for sending the first HTTP request to access point;
Access point, is used for receiving described first HTTP request, and the first http response returned,
The conditional code of described first http response includes that redirection based on browser identification redirects code,
Described redirection redirects code and includes the URL of portal authentication;
Described terminal, is additionally operable to receive described first http response, and from a described HTTP
Response obtains the URL of portal authentication, unified resource based on described portal authentication
Finger URL asks portal authentication to certificate server;
Certificate server, for carrying out portal authentication to described terminal.
It should be noted that the Authentication Client in Fig. 4 is as above-mentioned terminal, access device conduct
Above-mentioned access point, Portal server is as above-mentioned certificate server.Additionally, in this portal authentication system
In system, it is also possible to include the most not shown Security Policy Server and authentication and accounting service
Devices etc., do not limit at this.
Specifically,
It is to use javascript language to write that described redirection based on browser identification redirects code
Redirection redirects code.
Described access point receives described first HTTP request, and the first http response returned,
Particularly as follows: access point receives the first HTTP request that terminal sends, if the MAC of described terminal
Address is not in the forwarding list of access point, then access point kidnaps described first HTTP request,
And include that the redirection that described use javascript language is write redirects the first of code to terminal return
Http response.
Described access point, is additionally operable to: be pre-configured with the URL of portal authentication, and will
The URL of described portal authentication is saved in the forwarding list of access point.
Described terminal obtains the URL of portal authentication from described first http response,
URL based on described portal authentication asks portal authentication to certificate server, specifically
For: terminal sends the second HTTP request to access point, if in described second HTTP request
The URL of portal authentication is in the forwarding list of described access point, then access point is by institute
Stating the second HTTP request and be transmitted to certificate server, certificate server receives described 2nd HTTP
After request, included the 2nd HTTP of portal authentication requests for page data to terminal return by access point
Response;After terminal receives the second http response, identify portal authentication requests for page data and lead to
Cross browser display portal authentication requests for page;Terminal is obtained by described portal authentication requests for page
After portal authentication information, described portal authentication information is carried in the 3rd HTTP request, and
By access point, described 3rd HTTP request is transmitted to certificate server;Certificate server receives
After described 3rd HTTP request, obtain portal authentication information;If according to described portal authentication
Information is judged by certification, then will be carried in the 3rd http response by authentication information, and
By access point, described 3rd http response will be returned to terminal;If recognized according to described entrance
Card information is judged not over certification, then will carry at the 3rd HTTP not over authentication information
In response, and by access point, described 3rd http response will be returned to terminal.
Described access point, is additionally operable to: if judging by certification according to described portal authentication information,
Then will be added in forwarding list by the MAC Address of the terminal of certification.
The portal authentication method of embodiment of the present invention offer and system, by providing a kind of HTTP to ring
Should wrap, as the respond packet of Portal certification, the conditional code of the respond packet of this Portal certification is different
Being 302 Found conditional codes in traditional Portal, browser receives the respond packet of Portal certification
Rear just can jump to Portal certificate server page;If receive is not the response of Portal certification
Bag, then terminate this and connect, thus significantly reduce substantial amounts of invalid HTTP packet and take to certification
Business device, alleviates certificate server processing pressure, provides more preferable network service for access point.
Device embodiment described above is only schematically, wherein said as separating component
The unit illustrated can be or may not be physically separate, the parts shown as unit
Can be or may not be physical location, i.e. may be located at a place, or can also divide
Cloth is on multiple NEs.Some or all of mould therein can be selected according to the actual needs
Block realizes the purpose of the present embodiment scheme.Those of ordinary skill in the art are not paying creativeness
In the case of work, i.e. it is appreciated that and implements.
Through the above description of the embodiments, those skilled in the art is it can be understood that arrive
Each embodiment can add the mode of required general hardware platform by software and realize, and the most also may be used
To pass through hardware.Based on such understanding, technique scheme is the most in other words to prior art
The part contributed can embody with the form of software product, and this computer software product can
With storage in a computer-readable storage medium, such as ROM/RAM, magnetic disc, CD etc., including
Some instructions with so that computer equipment (can be personal computer, server, or
The network equipment etc.) perform the method described in some part of each embodiment or embodiment.
Last it is noted that above example is only in order to illustrate technical scheme, rather than
It is limited;Although the present invention being described in detail with reference to previous embodiment, this area
Those of ordinary skill is it is understood that it still can be to the technical scheme described in foregoing embodiments
Modify, or wherein portion of techniques feature is carried out equivalent;And these are revised or replace
Change, do not make appropriate technical solution essence depart from various embodiments of the present invention technical scheme spirit and
Scope.
Claims (10)
1. a portal authentication method, described method is applied in terminal, it is characterised in that including:
Terminal sends the first HTTP request to access point, and receives the HTTP that access point returns
Response, the conditional code of described first http response includes that redirection based on browser identification redirects
Code, described redirection redirects code and includes the URL of portal authentication;
Terminal obtains the URL of the portal authentication in the first http response, and based on
The URL of described portal authentication asks portal authentication to certificate server.
Portal authentication method the most according to claim 1, it is characterised in that: described based on clear
It is that the redirection using javascript language to write redirects generation that the redirection of device identification of looking at redirects code
Code;
Terminal sends the first HTTP request to access point, and receives the HTTP that access point returns
Response, including:
Terminal sends the first HTTP request to access point, if the MAC Address of described terminal does not has
In the forwarding list of access point, then access point kidnaps described first HTTP request, and to terminal
Return the HTTP sound including that the redirection that described use javascript language is write redirects code
Should.
Portal authentication method the most according to claim 2, it is characterised in that: described terminal obtains
Take the URL of portal authentication in the first http response, and recognize based on described entrance
The URL of card asks portal authentication to certificate server, including:
Access point is pre-configured with the URL of portal authentication, and by described portal authentication
URL is saved in the forwarding list of access point;
Terminal sends the second HTTP request to access point, if wrapped in described second HTTP request
Include the URL of portal authentication in the forwarding list of described access point, then access point will
Described second HTTP request is transmitted to certificate server.
Portal authentication method the most according to claim 3, it is characterised in that: by described second
After HTTP request is transmitted to certificate server, also include:
After certificate server receives described second HTTP request, returned to terminal by access point
The second http response including portal authentication requests for page data;
After terminal receives the second http response, identify portal authentication requests for page data and pass through
Browser display portal authentication requests for page;
After terminal gets portal authentication information by described portal authentication requests for page, by described enter
Mouth authentication information carries in the 3rd HTTP request, and by access point by described 3rd HTTP
Request is transmitted to certificate server.
Portal authentication method the most according to claim 4, it is characterised in that: by the described 3rd
After HTTP request is transmitted to certificate server, also include:
After certificate server receives described 3rd HTTP request, obtain portal authentication information;
If judging by certification according to described portal authentication information, then will be taken by authentication information
Band is in the 3rd http response, and described 3rd http response will be returned to by access point
Terminal;
If judging not over certification according to described portal authentication information, then will be not over recognizing
Card information is carried in the 3rd http response, and will be rung by described 3rd HTTP by access point
Terminal should be returned to.
Portal authentication method the most according to claim 5, it is characterised in that: described method is also
Including:
If judging that access point is by by certification by certification according to described portal authentication information
The MAC Address of terminal adds in forwarding list.
7. a portal authentication system, it is characterised in that including:
Terminal, for sending the first HTTP request to access point;
Access point, is used for receiving described first HTTP request, and the first http response returned,
The conditional code of described first http response includes that redirection based on browser identification redirects code,
Described redirection redirects code and includes the URL of portal authentication;
Described terminal, is additionally operable to receive described first http response, and from a described HTTP
Response obtains the URL of portal authentication, unified resource based on described portal authentication
Finger URL asks portal authentication to certificate server;
Certificate server, for carrying out portal authentication to described terminal.
Portal authentication system the most according to claim 7, it is characterised in that: described based on clear
It is that the redirection using javascript language to write redirects generation that the redirection of device identification of looking at redirects code
Code;
Described access point receives described first HTTP request, and the first http response returned,
Particularly as follows:
Access point receives the first HTTP request that terminal sends, if the MAC Address of described terminal
Not in the forwarding list of access point, then described first HTTP request of access point abduction, and to
Terminal returns and includes that the redirection that described use javascript language is write redirects the first of code
Http response.
Portal authentication system the most according to claim 8, it is characterised in that: described access point,
It is additionally operable to: be pre-configured with the URL of portal authentication, and by the system of described portal authentication
One URLs is saved in the forwarding list of access point;
Described terminal obtains the URL of portal authentication from described first http response,
URL based on described portal authentication asks portal authentication to certificate server, specifically
For:
Terminal sends the second HTTP request to access point, if in described second HTTP request
The URL of portal authentication is in the forwarding list of described access point, then access point is by institute
Stating the second HTTP request and be transmitted to certificate server, certificate server receives described 2nd HTTP
After request, included the 2nd HTTP of portal authentication requests for page data to terminal return by access point
Response;After terminal receives the second http response, identify portal authentication requests for page data and lead to
Cross browser display portal authentication requests for page;
After terminal gets portal authentication information by described portal authentication requests for page, by described enter
Mouth authentication information carries in the 3rd HTTP request, and by access point by described 3rd HTTP
Request is transmitted to certificate server;After certificate server receives described 3rd HTTP request, obtain
Taking mouth authentication information;If judging by certification according to described portal authentication information, then will be logical
Cross authentication information to carry in the 3rd http response, and will be by access point by described 3rd HTTP
Response returns to terminal;If judging not over certification according to described portal authentication information, then
To carry in the 3rd http response not over authentication information, and will be by access point by described
3rd http response returns to terminal.
Portal authentication system the most according to claim 9, it is characterised in that: described access
Point, is additionally operable to:
If judging by certification according to described portal authentication information, then by by the terminal of certification
MAC Address add in forwarding list.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610220552.2A CN105871853A (en) | 2016-04-11 | 2016-04-11 | Portal authenticating method and system |
| PCT/CN2016/108170 WO2017177691A1 (en) | 2016-04-11 | 2016-11-30 | Portal authentication method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610220552.2A CN105871853A (en) | 2016-04-11 | 2016-04-11 | Portal authenticating method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105871853A true CN105871853A (en) | 2016-08-17 |
Family
ID=56636186
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610220552.2A Pending CN105871853A (en) | 2016-04-11 | 2016-04-11 | Portal authenticating method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105871853A (en) |
| WO (1) | WO2017177691A1 (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106714206A (en) * | 2016-09-29 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Method and device for detecting network connection by wireless network access point |
| CN107248998A (en) * | 2017-07-04 | 2017-10-13 | 上海斐讯数据通信技术有限公司 | The authentication method and device of a kind of application client of terminal device |
| WO2017177691A1 (en) * | 2016-04-11 | 2017-10-19 | 上海斐讯数据通信技术有限公司 | Portal authentication method and system |
| CN107493206A (en) * | 2017-08-16 | 2017-12-19 | 广东欧珀移动通信有限公司 | A kind of network detecting method, network detection means and intelligent terminal |
| WO2018045798A1 (en) * | 2016-09-12 | 2018-03-15 | 华为技术有限公司 | Network authentication method and related device |
| CN107979577A (en) * | 2016-10-25 | 2018-05-01 | 华为技术有限公司 | A kind of method and apparatus of terminal authentication |
| CN112751844A (en) * | 2020-12-28 | 2021-05-04 | 杭州迪普科技股份有限公司 | Portal authentication method and device and electronic equipment |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112632491A (en) * | 2020-12-15 | 2021-04-09 | 读书郎教育科技有限公司 | Method for realizing account system shared by multiple information systems |
| CN115913780A (en) * | 2022-12-28 | 2023-04-04 | 四川长虹电器股份有限公司 | Method for Android TV to perform WIFI authentication without browser |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101034989A (en) * | 2007-02-14 | 2007-09-12 | 华为技术有限公司 | Method, system and router for originating the authentication request via the user terminal |
| CN101640680A (en) * | 2009-09-02 | 2010-02-03 | 杭州华三通信技术有限公司 | Network access control method, system and device |
| CN102469069A (en) * | 2010-11-02 | 2012-05-23 | 杭州华三通信技术有限公司 | Method and device for preventing portal authentication attack |
| CN102946434A (en) * | 2012-11-23 | 2013-02-27 | 广东宜通世纪科技股份有限公司 | Communication method of wireless local area network (WLAN) |
| US20140245395A1 (en) * | 2012-10-16 | 2014-08-28 | Guest Tek Interactive Entertainment Ltd. | Off-site user access control |
| CN104780168A (en) * | 2015-03-30 | 2015-07-15 | 杭州华三通信技术有限公司 | Portal authentication method and equipment |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2003186783A (en) * | 2001-12-18 | 2003-07-04 | Hitachi Software Eng Co Ltd | Data transfer method and system |
| CN104821940A (en) * | 2015-04-16 | 2015-08-05 | 京信通信技术(广州)有限公司 | Method and equipment for sending portal redirected address |
| CN105338072A (en) * | 2015-10-20 | 2016-02-17 | 上海斐讯数据通信技术有限公司 | HTTP (hyper text transport protocol) redirecting method and routing equipment |
| CN105871853A (en) * | 2016-04-11 | 2016-08-17 | 上海斐讯数据通信技术有限公司 | Portal authenticating method and system |
| CN105812481A (en) * | 2016-04-20 | 2016-07-27 | 上海斐讯数据通信技术有限公司 | Hypertext transfer protocol request identification system and hypertext transfer protocol request identification method |
-
2016
- 2016-04-11 CN CN201610220552.2A patent/CN105871853A/en active Pending
- 2016-11-30 WO PCT/CN2016/108170 patent/WO2017177691A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101034989A (en) * | 2007-02-14 | 2007-09-12 | 华为技术有限公司 | Method, system and router for originating the authentication request via the user terminal |
| CN101640680A (en) * | 2009-09-02 | 2010-02-03 | 杭州华三通信技术有限公司 | Network access control method, system and device |
| CN102469069A (en) * | 2010-11-02 | 2012-05-23 | 杭州华三通信技术有限公司 | Method and device for preventing portal authentication attack |
| US20140245395A1 (en) * | 2012-10-16 | 2014-08-28 | Guest Tek Interactive Entertainment Ltd. | Off-site user access control |
| CN102946434A (en) * | 2012-11-23 | 2013-02-27 | 广东宜通世纪科技股份有限公司 | Communication method of wireless local area network (WLAN) |
| CN104780168A (en) * | 2015-03-30 | 2015-07-15 | 杭州华三通信技术有限公司 | Portal authentication method and equipment |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017177691A1 (en) * | 2016-04-11 | 2017-10-19 | 上海斐讯数据通信技术有限公司 | Portal authentication method and system |
| WO2018045798A1 (en) * | 2016-09-12 | 2018-03-15 | 华为技术有限公司 | Network authentication method and related device |
| CN106714206A (en) * | 2016-09-29 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Method and device for detecting network connection by wireless network access point |
| CN107979577A (en) * | 2016-10-25 | 2018-05-01 | 华为技术有限公司 | A kind of method and apparatus of terminal authentication |
| WO2018076712A1 (en) * | 2016-10-25 | 2018-05-03 | 华为技术有限公司 | Terminal authentication method and device |
| EP3525411A4 (en) * | 2016-10-25 | 2019-08-14 | Huawei Technologies Co., Ltd. | Terminal authentication method and device |
| US10701073B2 (en) | 2016-10-25 | 2020-06-30 | Huawei Technologies Co., Ltd. | Terminal authentication method and device |
| CN107979577B (en) * | 2016-10-25 | 2021-10-15 | 华为技术有限公司 | Terminal authentication method and device |
| CN107248998A (en) * | 2017-07-04 | 2017-10-13 | 上海斐讯数据通信技术有限公司 | The authentication method and device of a kind of application client of terminal device |
| CN107493206A (en) * | 2017-08-16 | 2017-12-19 | 广东欧珀移动通信有限公司 | A kind of network detecting method, network detection means and intelligent terminal |
| CN107493206B (en) * | 2017-08-16 | 2019-04-23 | Oppo广东移动通信有限公司 | A kind of network detecting method, network detection device and intelligent terminal |
| CN112751844A (en) * | 2020-12-28 | 2021-05-04 | 杭州迪普科技股份有限公司 | Portal authentication method and device and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017177691A1 (en) | 2017-10-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105871853A (en) | Portal authenticating method and system | |
| CN106131079B (en) | Authentication method, system and proxy server | |
| US9166949B2 (en) | Method and system of managing a captive portal with a router | |
| CN104519050B (en) | Login method and login system | |
| CN103369531B (en) | A kind of method and device that control of authority is carried out based on end message | |
| CN104158818B (en) | A kind of single-point logging method and system | |
| CN104113549A (en) | Platform authorization method, platform server side, application client side and system | |
| CN105991518B (en) | Network access verifying method and device | |
| CN105939313B (en) | Status code reorientation method and device | |
| CN109710270A (en) | A kind of security application delivery method, device and storage medium | |
| WO2015043455A1 (en) | Data transmission method, device, and system | |
| CN109688280A (en) | Request processing method, request processing equipment, browser and storage medium | |
| CN105162802B (en) | Portal authentication method and certificate server | |
| EP3289519B1 (en) | Acquisition of a device fingerprint from an instance of a client application | |
| CN105577651B (en) | Service providing method and device | |
| CN105991640B (en) | Handle the method and device of HTTP request | |
| CN105657710A (en) | Wireless network authentication method and system | |
| US20220210155A1 (en) | Secure identity provider authentication for native application to access web service | |
| CN107508822A (en) | Access control method and device | |
| CN108259457A (en) | A kind of WEB authentication methods and device | |
| CN106230788A (en) | The reorientation method of a kind of portal certification, radio reception device, portal server | |
| CN105281987B (en) | Router and data uploading method, device, system | |
| CN108737407A (en) | A kind of method and device for kidnapping network flow | |
| CN107135506A (en) | A kind of portal authentication methods, apparatus and system | |
| CN109688109A (en) | The verification method and device of identifying code based on client-side information identification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160817 |