WifiDog is a hotspot system made up of two parts, an authentication server and a client. The authentication principle, in outline:
General Flow Description:
①The client makes his initial request, as if he was already connected (e.g. http://www.6hl.cn)
②The Gateway's firewall rules mangle the request to redirect it to a local port on the Gateway. When that's done, the Gateway provides an HTTP Redirect reply that contains the Gateway ID, Gateway FQDN and other information
③The Client makes his request to the Auth Server as specified by the Gateway, see Login Protocol
http://auth_server/login?
gw_id=[GatewayID, default: "default"]
gw_address=[GatewayAddress, internal IP of router]
gw_port=[GatewayPort, port that wifidog Gateway is listening on]
url=[user requested url]
④The Gateway replies with a (potentially custom) splash (login) page
⑤The Client provides his identification information (username and password)
⑥Upon successful authentication, the client gets an HTTP Redirect to the Gateway's own web server with his authentication proof (a one-time token), http://GatewayIP:GatewayPort/wifidog/auth?token=[auth token]
⑦The Client then connects to the Gateway and thus gives it his token
⑧The Gateway requests validation of the token from the Auth Server, see Client Protocol [see login heartbeat]
⑨The Auth Server confirms the token
⑪The Gateway then sends a redirect to the Client to obtain the Success Page from the Auth Server, redirects to http://auth_server/portal/
⑫The Auth Server notifies the Client that his request was successful and that he can now go online
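
The flow above, traced as a small simulation. This is an added example, not WifiDog's own code: `login_redirect`, `AuthServer` and `gateway_auth` are hypothetical names, the token check is an in-process call standing in for the Gateway's request to the Auth Server, and the user table is constructed sample data.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_SERVER = "http://auth_server"  # placeholder host name, as written on this page


def login_redirect(gw_id, gw_address, gw_port, requested_url):
    """Step 2: Location value the Gateway returns for an intercepted request."""
    # urlencode() percent-encodes the user-controlled url, so characters such
    # as '&' inside it cannot add or override the gw_* parameters.
    query = urlencode({"gw_id": gw_id, "gw_address": gw_address,
                       "gw_port": gw_port, "url": requested_url})
    return f"{AUTH_SERVER}/login?{query}"


class AuthServer:
    """Toy Auth Server: issues one-time tokens and confirms each only once."""

    def __init__(self, users):
        self._users = users    # username -> password, plaintext only for this demo
        self._pending = set()  # tokens issued but not yet confirmed

    def login(self, login_url, username, password):
        """Steps 5-6: check credentials, return the redirect to the Gateway."""
        q = parse_qs(urlsplit(login_url).query)
        expected = self._users.get(username)
        if expected is None or not secrets.compare_digest(
                expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)  # unguessable proof of authentication
        self._pending.add(token)
        gw = f"{q['gw_address'][0]}:{q['gw_port'][0]}"
        return f"http://{gw}/wifidog/auth?" + urlencode({"token": token})

    def confirm(self, token):
        """Steps 8-9: a token is valid once; a replayed token is rejected."""
        if token in self._pending:
            self._pending.remove(token)
            return True
        return False


def gateway_auth(auth_server, auth_url):
    """Steps 7-11: take the token, validate it, redirect to the portal page."""
    token = parse_qs(urlsplit(auth_url).query).get("token", [""])[0]
    if auth_server.confirm(token):
        return f"{AUTH_SERVER}/portal/"  # a real gateway opens its firewall here
    return None
```
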