WifiDOG is a hotspot system made up of two parts, an authentication server and a client. Roughly, authentication works as follows:
General Flow Description:
①The client does his initial request, as if he was already connected (e.g.: http://www.6hl.cn)
②The Gateway's firewall rules mangle the request to redirect it to a local port on the Gateway. When that's done, the Gateway provides an HTTP Redirect reply that contains the Gateway ID, Gateway FQDN and other information
③The Client does his request to the Auth Server as specified by the Gateway, see Login Protocol
http://auth_server/login?
gw_id=[GatewayID, default: "default"]
gw_address=[GatewayAddress, internal IP of router]
gw_port=[GatewayPort, port that wifidog Gateway is listening on]
url=[user requested url]
④The Gateway replies with a (potentially custom) splash (login) page
⑤The Client provides his identification information (username and password)
⑥Upon successful authentication, the client gets an HTTP Redirect to the Gateway's own web server with his authentication proof (a one-time token), http://GatewayIP:GatewayPort/wifidog/auth?token=[auth token]
⑦The Client then connects to the Gateway and thus gives it his token
⑧The Gateway requests validation of the token from the Auth Server, see Client Protocol (see login heartbeat)
⑨The Auth Server confirms the token
①①The Gateway then sends a redirect to the Client to obtain the Success Page from the Auth Server, redirects to http://auth_server/portal/
①②The Auth Server notifies the Client that his request was successful and that he can now go online
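The exchange in steps ② to ⑨, sketched in Python as an added example (not part of the original post and not WifiDog's own code). The gateway and user tables, the token lifetime, single-use confirmation, and the check of gw_address and gw_port against a registered gateway are assumptions of this sketch.

```python
import hmac, secrets, time
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample data (assumptions): one registered gateway, one user.
GATEWAYS = {"default": ("192.168.1.1", 2060)}
USERS = {"alice": "correct horse"}  # plaintext only to keep the sketch short
TOKEN_TTL = 60   # seconds a token stays valid (assumed value)
_tokens = {}     # token -> (gw_id, expiry time)

def gateway_login_redirect(gw_id, gw_address, gw_port, url):
    """Step 2: redirect target the gateway hands to the unauthenticated client."""
    query = urlencode({"gw_id": gw_id, "gw_address": gw_address,
                       "gw_port": gw_port, "url": url})
    return "http://auth_server/login?" + query

def auth_login(login_url, username, password, now=None):
    """Steps 3-6: auth server checks the request, then issues a token redirect."""
    now = time.time() if now is None else now
    q = {k: v[0] for k, v in parse_qs(urlsplit(login_url).query).items()}
    gw = GATEWAYS.get(q.get("gw_id", ""))
    # gw_address and gw_port travel through the client, so accept only the
    # values registered for this gw_id before sending a token there.
    if gw is None or (q.get("gw_address"), q.get("gw_port")) != (gw[0], str(gw[1])):
        return None
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(),
                                                   password.encode()):
        return None
    token = secrets.token_urlsafe(32)  # unguessable random token
    _tokens[token] = (q["gw_id"], now + TOKEN_TTL)
    return "http://%s:%d/wifidog/auth?%s" % (gw[0], gw[1],
                                             urlencode({"token": token}))

def token_from_redirect(redirect_url):
    """Step 7: the gateway reads the token the client presents."""
    return parse_qs(urlsplit(redirect_url).query)["token"][0]

def auth_confirm(gw_id, token, now=None):
    """Steps 8-9: the gateway asks the auth server to validate the token."""
    now = time.time() if now is None else now
    entry = _tokens.pop(token, None)  # pop: a token is confirmed at most once
    return entry is not None and entry[0] == gw_id and now <= entry[1]
```
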