[go: up one dir, main page]

CN105871853A - Portal authenticating method and system - Google Patents

Portal authenticating method and system Download PDF

Info

Publication number
CN105871853A
CN105871853A CN201610220552.2A CN201610220552A CN105871853A CN 105871853 A CN105871853 A CN 105871853A CN 201610220552 A CN201610220552 A CN 201610220552A CN 105871853 A CN105871853 A CN 105871853A
Authority
CN
China
Prior art keywords
access point
portal authentication
http
terminal
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610220552.2A
Other languages
Chinese (zh)
Inventor
张德黎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Feixun Data Communication Technology Co Ltd filed Critical Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201610220552.2A priority Critical patent/CN105871853A/en
Publication of CN105871853A publication Critical patent/CN105871853A/en
Priority to PCT/CN2016/108170 priority patent/WO2017177691A1/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40Support for services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本发明提供了一种入口认证方法和系统,其中方法包括:终端向接入点发送第一HTTP请求,并接收接入点返回的第一HTTP响应,所述第一HTTP响应的状态码包括基于浏览器识别的重定向跳转代码,所述重定向跳转代码中包括入口认证的统一资源定位符;终端获取第一HTTP响应中的入口认证的统一资源定位符,并基于所述入口认证的统一资源定位符向认证服务器请求入口认证。本发明明显减少大量的无效HTTP数据包到认证服务器,减轻了认证服务器处理压力,从而为接入点提供更好的网络服务。

The present invention provides an entry authentication method and system, wherein the method includes: the terminal sends a first HTTP request to the access point, and receives the first HTTP response returned by the access point, the status code of the first HTTP response includes The redirection jump code recognized by the browser, the redirection jump code includes the uniform resource locator of the entry authentication; the terminal obtains the uniform resource locator of the entry authentication in the first HTTP response, and based on the URL of the entry authentication The Uniform Resource Locator requests entry authentication from the authentication server. The invention obviously reduces a large number of invalid HTTP data packets to the authentication server, reduces the processing pressure of the authentication server, and thus provides better network services for the access point.

Description

一种入口认证方法和系统A kind of entrance authentication method and system

技术领域technical field

本发明实施例涉及通信技术领域,尤其涉及一种入口认证方法和系统。The embodiments of the present invention relate to the technical field of communications, and in particular to an entry authentication method and system.

背景技术Background technique

当今时代是一个移动互联的时代,在众多的公共场所,如:酒店、咖啡厅、学校、车站、商场等人流众多的地方,商家为了留住客户、解决客户在购物消费和等待时的上网问题,往往配置无线接入点提供给广大客户上网使用,而这种传统的输入密码方式不仅给管理带来了极大的不便,同时也具有一定的不安全性。因此目前无论是家庭还是公共环境中,都存在着数目众多的无线WIFI网络,尤其是在公共的商业环境中,人们通常利用手中的移动设备来访问外部Internet网络,而商业环境中的商家都比较注重商业利益,所以一般不会提供“免费”的无线网络供用户使用,商家提供的无线网络往往需要Portal认证,又名入口认证,用户通过手机号、QQ账号、微信账号或微博账号等进行认证上网。Portal认证方式具有不需要安装认证客户端,减少客户端的维护工作量,便于运营,可以在Portal页面上开展业务拓展、技术成熟等优点而被广泛应用于运营商、学校等网络。Today's era is an era of mobile Internet. In many public places, such as hotels, coffee shops, schools, stations, shopping malls and other places with a large number of people, in order to retain customers and solve customers' online problems when shopping and waiting , often configure wireless access points to provide customers with access to the Internet, and this traditional password input method not only brings great inconvenience to management, but also has a certain degree of insecurity. Therefore, there are a large number of wireless WIFI networks in both homes and public environments, especially in public commercial environments, where people usually use their mobile devices to access external Internet networks, and businesses in commercial environments are more Pay attention to commercial interests, so generally do not provide "free" wireless network for users to use. The wireless network provided by the merchant often requires Portal authentication, also known as entrance authentication. Users use mobile phone number, QQ account, WeChat account or Weibo account to verify Authentication online. The Portal authentication method has the advantages of not needing to install an authentication client, reducing the maintenance workload of the client, facilitating operation, enabling business development on the Portal page, and mature technology, so it is widely used in networks such as operators and schools.

目前,往往是在嵌入式Linux内核中定义钩子函数,然后劫持并解析用户终端发到接入点的HTTP报文,从中获取到一些网络信息,然后立即构造一个状态码为“302 Found”的HTTP包,此302 Found状态码数据包包头中Location字段含有设置的认证服务器的URL(Uniform Resoure Locator,统一资源定位符),构造好HTTP数据包后通过内核报文数据发送函数发送到用户终端,当用户终端收到302Found状态码的响应包时,解析出认证服务器的URL,再次向认证服务器获取认证页。At present, the hook function is often defined in the embedded Linux kernel, then hijacks and parses the HTTP message sent by the user terminal to the access point, obtains some network information from it, and immediately constructs an HTTP message whose status code is "302 Found". The Location field in the header of the 302 Found status code data packet contains the URL (Uniform Resoure Locator, Uniform Resource Locator) of the authentication server set. After the HTTP data packet is constructed, it is sent to the user terminal through the kernel message data sending function. When the user terminal receives the response packet with the 302Found status code, it parses out the URL of the authentication server, and obtains the authentication page from the authentication server again.

但是,这种交互方式存在缺陷,例如当前智能终端一开机,后台便启动了大量的应用(APP),这些APP在终端接入WIFI网络后,也会和服务器进行通讯,发送大量的HTTP数据包,接入响应302状态码数据包后,应用后台也会去连接认证服务器,而应用本身又无法显示获取到的认证页,造成大量无效的HTTP到服务器,如果认证服务器硬件配置太低,或者支持并发数太少,严重时可能导致来自浏览器的HTTP报文无法及时处理而丢失。However, this interaction method has defects. For example, when the current smart terminal is turned on, a large number of applications (APP) are started in the background. After the terminal is connected to the WIFI network, these APPs will also communicate with the server and send a large number of HTTP packets. , after accessing the response 302 status code packet, the application background will also connect to the authentication server, and the application itself cannot display the obtained authentication page, resulting in a large amount of invalid HTTP to the server. If the authentication server hardware configuration is too low, or supports If the number of concurrency is too small, in severe cases, HTTP messages from the browser may not be processed in time and may be lost.

发明内容Contents of the invention

本发明提供了一种入口认证方法和系统,能够明显减少大量的无效HTTP数据包到认证服务器,减轻了认证服务器处理压力,从而为接入点提供更好的网络服务。The invention provides an entry authentication method and system, which can significantly reduce a large number of invalid HTTP data packets sent to the authentication server, reduce the processing pressure of the authentication server, and thus provide better network services for the access point.

本发明提供一种入口认证方法,所述方法应用于终端上,包括:终端向接入点发送第一HTTP请求,并接收接入点返回的第一HTTP响应,所述第一HTTP响应的状态码包括基于浏览器识别的重定向跳转代码,所述重定向跳转代码中包括入口认证的统一资源定位符;终端获取第一HTTP响应中的入口认证的统一资源定位符,并基于所述入口认证的统一资源定位符向认证服务器请求入口认证。The present invention provides an entry authentication method, which is applied to a terminal, including: the terminal sends a first HTTP request to an access point, and receives a first HTTP response returned by the access point, and the status of the first HTTP response The code includes a redirection jump code based on browser identification, and the redirection jump code includes the uniform resource locator of the entry authentication; the terminal acquires the uniform resource locator of the entry authentication in the first HTTP response, and based on the The uniform resource locator of the entry authentication requests the entry authentication from the authentication server.

进一步地,所述基于浏览器识别的重定向跳转代码为使用javascript语言编写的重定向跳转代码;终端向接入点发送第一HTTP请求,并接收接入点返回的第一HTTP响应,包括:终端向接入点发送第一HTTP请求,如果所述终端的MAC地址没有在接入点的转发列表中,则接入点劫持所述第一HTTP请求,并向终端返回包括所述使用javascript语言编写的重定向跳转代码的第一HTTP响应。Further, the redirection jump code based on browser recognition is a redirection jump code written in javascript language; the terminal sends the first HTTP request to the access point, and receives the first HTTP response returned by the access point, Including: the terminal sends a first HTTP request to the access point, if the MAC address of the terminal is not in the forwarding list of the access point, the access point hijacks the first HTTP request, and returns to the terminal including the use The first HTTP response of the redirection jump code written in javascript language.

进一步地,所述终端获取第一HTTP响应中的入口认证的统一资源定位符,并基于所述入口认证的统一资源定位符向认证服务器请求入口认证,包括:接入点预先配置入口认证的统一资源定位符,并将所述入口认证的统一资源定位符保存在接入点的转发列表中;终端向接入点发送第二HTTP请求,如果所述第二HTTP请求中包括所述接入点的转发列表中的入口认证的统一资源定位符,则接入点将所述第二HTTP请求转发给认证服务器。Further, the terminal acquires the uniform resource locator of the entry authentication in the first HTTP response, and requests the entry authentication from the authentication server based on the uniform resource locator of the entry authentication, including: the access point pre-configures the uniform resource locator of the entry authentication resource locator, and save the uniform resource locator of the entry authentication in the forwarding list of the access point; the terminal sends a second HTTP request to the access point, if the second HTTP request includes the access point The access point forwards the second HTTP request to the authentication server.

进一步地,将所述第二HTTP请求转发给认证服务器之后,还包括:认证服务器接收到所述第二HTTP请求后,通过接入点向终端返回包括入口认证请求页面数据的第二HTTP响应;终端接收到第二HTTP响应后,识别入口认证请求页面数据并通过浏览器显示入口认证请求页面;终端通过所述入口认证请求页面获取到入口认证信息后,将所述入口认证信息携带在第三HTTP请求中,并通过接入点将所述第三HTTP请求转发给认证服务器。Further, after forwarding the second HTTP request to the authentication server, the method further includes: after the authentication server receives the second HTTP request, returning a second HTTP response including the entry authentication request page data to the terminal through the access point; After receiving the second HTTP response, the terminal identifies the entry authentication request page data and displays the entry authentication request page through the browser; after obtaining the entry authentication information through the entry authentication request page, the terminal carries the entry authentication information in the third HTTP request, and forward the third HTTP request to the authentication server through the access point.

进一步地,将所述第三HTTP请求转发给认证服务器之后,还包括:认证服务器接收到所述第三HTTP请求后,获取入口认证信息;如果根据所述入口认证信息判断出通过认证,则将通过认证信息携带在第三HTTP响应中,并将通过接入点将所述第三HTTP响应返回给终端;如果根据所述入口认证信息判断出没有通过认证,则将没有通过认证信息携带在第三HTTP响应中,并将通过接入点将所述第三HTTP响应返回给终端。Further, after forwarding the third HTTP request to the authentication server, the method further includes: after the authentication server receives the third HTTP request, obtaining entry authentication information; if it is determined that the authentication is passed according to the entry authentication information, then Passed authentication information is carried in the third HTTP response, and the third HTTP response will be returned to the terminal through the access point; three HTTP responses, and return the third HTTP response to the terminal through the access point.

进一步地,所述方法还包括:如果根据所述入口认证信息判断出通过认证,接入点将通过认证的终端的MAC地址添加到转发列表中。Further, the method further includes: if it is determined according to the entry authentication information that the authentication is passed, the access point adds the MAC address of the authenticated terminal to the forwarding list.

本发明实施例提供一种入口认证系统,包括:终端,用于向接入点发送第一HTTP请求;接入点,用于接收所述第一HTTP请求,并返回的第一HTTP响应,所述第一HTTP响应的状态码包括基于浏览器识别的重定向跳转代码,所述重定向跳转代码中包括入口认证的统一资源定位符;所述终端,还用于接收所述第一HTTP响应,并从所述第一HTTP响应中获取入口认证的统一资源定位符,基于所述入口认证的统一资源定位符向认证服务器请求入口认证;认证服务器,用于对所述终端进行入口认证。An embodiment of the present invention provides an entry authentication system, including: a terminal, configured to send a first HTTP request to an access point; an access point, configured to receive the first HTTP request and return a first HTTP response, the The status code of the first HTTP response includes a redirection jump code based on browser recognition, and the redirection jump code includes a uniform resource locator for entry authentication; the terminal is also used to receive the first HTTP response, and obtain the uniform resource locator of the entry authentication from the first HTTP response, and request entry authentication to the authentication server based on the uniform resource locator of the entry authentication; the authentication server is configured to perform entry authentication on the terminal.

进一步地,所述基于浏览器识别的重定向跳转代码为使用javascript语言编写的重定向跳转代码;所述接入点接收所述第一HTTP请求,并返回的第一HTTP响应,具体为:接入点接收终端发送的第一HTTP请求,如果所述终端的MAC地址没有在接入点的转发列表中,则接入点劫持所述第一HTTP请求,并向终端返回包括所述使用javascript语言编写的重定向跳转代码的第一HTTP响应。Further, the redirection jump code based on browser recognition is a redirection jump code written in javascript language; the access point receives the first HTTP request and returns the first HTTP response, specifically : The access point receives the first HTTP request sent by the terminal, if the MAC address of the terminal is not in the forwarding list of the access point, the access point hijacks the first HTTP request, and returns to the terminal including the The first HTTP response of the redirection jump code written in javascript language.

进一步地,所述接入点,还用于:预先配置入口认证的统一资源定位符,并将所述入口认证的统一资源定位符保存在接入点的转发列表中;所述终端从所述第一HTTP响应中获取入口认证的统一资源定位符,基于所述入口认证的统一资源定位符向认证服务器请求入口认证,具体为:终端向接入点发送第二HTTP请求,如果所述第二HTTP请求中的入口认证的统一资源定位符在所述接入点的转发列表中,则接入点将所述第二HTTP请求转发给认证服务器,认证服务器接收到所述第二HTTP请求后,通过接入点向终端返回包括入口认证请求页面数据的第二HTTP响应;终端接收到第二HTTP响应后,识别入口认证请求页面数据并通过浏览器显示入口认证请求页面;终端通过所述入口认证请求页面获取到入口认证信息后,将所述入口认证信息携带在第三HTTP请求中,并通过接入点将所述第三HTTP请求转发给认证服务器;认证服务器接收到所述第三HTTP请求后,获取入口认证信息;如果根据所述入口认证信息判断出通过认证,则将通过认证信息携带在第三HTTP响应中,并将通过接入点将所述第三HTTP响应返回给终端;如果根据所述入口认证信息判断出没有通过认证,则将没有通过认证信息携带在第三HTTP响应中,并将通过接入点将所述第三HTTP响应返回给终端。Further, the access point is further configured to: pre-configure the uniform resource locator of the entry authentication, and store the uniform resource locator of the entry authentication in the forwarding list of the access point; Obtain the uniform resource locator of the entry authentication in the first HTTP response, and request the entry authentication to the authentication server based on the uniform resource locator of the entry authentication, specifically: the terminal sends a second HTTP request to the access point, if the second The uniform resource locator of the entry authentication in the HTTP request is in the forwarding list of the access point, then the access point forwards the second HTTP request to the authentication server, and after the authentication server receives the second HTTP request, The second HTTP response that includes the entry authentication request page data is returned to the terminal through the access point; after receiving the second HTTP response, the terminal identifies the entry authentication request page data and displays the entry authentication request page through the browser; the terminal passes the entry authentication After the request page obtains the entry authentication information, the entry authentication information is carried in the third HTTP request, and the third HTTP request is forwarded to the authentication server through the access point; the authentication server receives the third HTTP request Afterwards, the entry authentication information is obtained; if it is determined that the authentication is passed according to the entry authentication information, the authentication information will be carried in the third HTTP response, and the third HTTP response will be returned to the terminal through the access point; if If it is determined that the authentication is not passed according to the entry authentication information, the authentication failure information is carried in the third HTTP response, and the third HTTP response is returned to the terminal through the access point.

进一步地,所述接入点,还用于:如果根据所述入口认证信息判断出通过认证,则将通过认证的终端的MAC地址添加到转发列表中。Further, the access point is further configured to: add the MAC address of the authenticated terminal to the forwarding list if it is determined that the authentication is passed according to the entry authentication information.

针对现有技术中不仅在Portal认证的时候会发送HTTP数据包,正在运行的应用往往也会间断性的发送HTTP数据包,造成将有大量无效的HTTP数据包发送到认证服务器,可能导致HTTP报文无法及时处理而丢失的缺陷,本发明的入口认证方法和系统,通过提供一种HTTP响应包,作为Portal认证的响应包,该Portal认证的响应包的状态码是不同于传统的Portal是302 Found状态码,浏览器接收到Portal认证的响应包后才能跳转到Portal认证服务器页;如果接收到的不是Portal认证的响应包,则结束本次连接,从而明显减少大量的无效HTTP数据包到认证服务器,减轻了认证服务器处理压力,为接入点提供更好的网络服务。In the existing technology, not only HTTP data packets are sent during Portal authentication, but also running applications often send HTTP data packets intermittently, resulting in a large number of invalid HTTP data packets being sent to the authentication server, which may cause HTTP error messages. The defect that the text cannot be processed in time and lost, the entrance authentication method and system of the present invention, by providing a kind of HTTP response packet, as the response packet of Portal authentication, the status code of the response packet of this Portal authentication is different from the traditional Portal is 302 Found status code, the browser can jump to the Portal authentication server page only after receiving the response packet of Portal authentication; The authentication server reduces the processing pressure of the authentication server and provides better network services for the access point.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without creative work.

图1为本发明实施例中入口认证方法的流程示意图;FIG. 1 is a schematic flow diagram of an entry authentication method in an embodiment of the present invention;

图2为本发明实施例中第一HTTP响应的200 OK状态码和传统HTTP响应包的302 Found状态码的对比示意图;Fig. 2 is the comparative schematic diagram of the 200 OK status code of the first HTTP response and the 302 Found status code of the traditional HTTP response packet in the embodiment of the present invention;

图3为本发明实施例中举例说明的入口认证方法的示意图;Fig. 3 is a schematic diagram of the entrance authentication method illustrated in the embodiment of the present invention;

图4本发明实施例中举例说明的入口认证系统的架构示意图。FIG. 4 is a schematic diagram of the architecture of the entrance authentication system illustrated in the embodiment of the present invention.

具体实施方式detailed description

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

为了更好的理解本发明,下面对所涉及到技术点的进行简单介绍。In order to better understand the present invention, the technical points involved are briefly introduced below.

AP:相当于无线交换机,它是无线终端使用有线网络的接入点,主要用于家庭宽带、企业内部网络部署和商业环境中网络部署等。AP: Equivalent to a wireless switch, it is an access point for wireless terminals using a wired network. It is mainly used for home broadband, enterprise internal network deployment, and network deployment in business environments.

云AC:也即无线局域网接入控制器,负责将所有AP的数据汇总后接入Internet,同时可以远程配置AP的一些设备参数,例如带宽限速、Portal功能、安全功能等参数。Cloud AC: That is, the wireless LAN access controller, which is responsible for summarizing the data of all APs and connecting them to the Internet. At the same time, it can remotely configure some device parameters of APs, such as bandwidth speed limit, Portal function, security function and other parameters.

Portal认证:也即web认证,就是用户要使用Internet,需要先进行身份认证,然后才能使用Internet网络,。Portal authentication: also known as web authentication, that is, to use the Internet, the user needs to perform identity authentication before using the Internet network.

传统的Portal认证的交互过程,大致可以如下:The interaction process of traditional Portal authentication can be roughly as follows:

1.未认证用户访问网络时,在Web浏览器地址栏中输入一个互联网的地址,那么此HTTP请求在经过接入设备时会被重定向到Portal服务器的Web认证主页上;1. When an unauthenticated user accesses the network, enter an Internet address in the address bar of the web browser, then the HTTP request will be redirected to the web authentication home page of the Portal server when passing through the access device;

2.用户在认证主页/认证对话框中输入认证信息后提交,Portal服务器会将用户的认证信息传递给接入设备;2. After the user enters the authentication information on the authentication home page/authentication dialog box and submits it, the Portal server will pass the user's authentication information to the access device;

3.接入设备再与认证/计费服务器通信进行认证和计费;3. The access device then communicates with the authentication/accounting server for authentication and accounting;

4.认证通过后,如果未对用户采用安全策略,则接入设备会打开用户与互联网的通路,允许用户访问互联网;如果对用户采用了安全策略,则客户端、接入设备与安全策略服务器交互,对用户的安全检测通过之后,安全策略服务器根据用户的安全性授权用户访问非受限资源。4. After the authentication is passed, if no security policy is adopted for the user, the access device will open the channel between the user and the Internet, allowing the user to access the Internet; if a security policy is adopted for the user, the client, the access device and the security policy server will Interaction, after passing the user's security check, the security policy server authorizes the user to access unrestricted resources according to the user's security.

但是,当前不仅在Portal认证的时候会发送HTTP数据包,正在运行的应用往往也会间断性的发送HTTP数据包,造成将有大量无效的HTTP数据包发送到认证服务器,可能导致HTTP报文无法及时处理而丢失。However, currently, not only HTTP data packets are sent during Portal authentication, but also running applications often send HTTP data packets intermittently, causing a large number of invalid HTTP data packets to be sent to the authentication server, which may cause HTTP packets to fail. lost in time.

相对于现有技术,本方法实施例通过提供一种HTTP响应包,作为Portal认证的响应包,该Portal认证的响应包的状态码是不同于传统的Portal是302 Found状态码,浏览器接收到Portal认证的响应包后才能跳转到Portal认证服务器页;如果接收到的不是Portal认证的响应包,则结束本次连接。With respect to prior art, this method embodiment is by providing a kind of HTTP response packet, as the response packet of Portal authentication, the status code of the response packet of this Portal authentication is to be different from traditional Portal is 302 Found status code, browser receives Only after the Portal authentication response packet can jump to the Portal authentication server page; if the response packet is not Portal authentication is received, the connection will end.

图1为本发明实施例中入口认证方法的流程示意图,如图1所示,包括:Fig. 1 is a schematic flow chart of the entrance authentication method in the embodiment of the present invention, as shown in Fig. 1, including:

步骤S11,如果接入点接收到来自终端的第一HTTP请求,向终端返回第一HTTP响应,所述第一HTTP响应的状态码包括基于浏览器识别的重定向跳转代码,所述重定向跳转代码中包括Portal URL。Step S11, if the access point receives the first HTTP request from the terminal, it returns a first HTTP response to the terminal, the status code of the first HTTP response includes a redirection jump code based on browser recognition, and the redirection The redirection code includes the Portal URL.

步骤S12,如果接入点接收到终端发送的包括Portal URL的第二HTTP请求后,根据Portal URL向认证服务器请求Portal认证。Step S12, if the access point receives the second HTTP request including the Portal URL sent by the terminal, it requests Portal authentication from the authentication server according to the Portal URL.

和现有技术相比,在本发明实施例中终端向接入点发送进行Portal认证的第一HTTP请求后,接入点并没有直接转发到上一级网络中去,而是向终端返回非传统的302 Found状态码的第一HTTP响应。Compared with the prior art, after the terminal sends the first HTTP request for Portal authentication to the access point in the embodiment of the present invention, the access point does not directly forward it to the upper-level network, but returns a non-return request to the terminal. The first HTTP response with the traditional 302 Found status code.

相比较于现有技术,该第一HTTP响应的状态码不同于传统HTTP响应包的302 Found状态码,例如可以设置第一HTTP响应的状态码为200 OK,当然状态码的名称可以是其他的表示形式,在此并不做具体限制。Compared with the prior art, the status code of the first HTTP response is different from the 302 Found status code of the traditional HTTP response packet. For example, the status code of the first HTTP response can be set to 200 OK. Of course, the name of the status code can be other The expression form is not specifically limited here.

在本发明实施例中,第一HTTP响应的200 OK状态码和传统HTTP响应包的302 Found状态码的对比如图2所示。在第一HTTP响应的200OK状态码中包括有使用javascript语言编写的重定向跳转代码,该重定向跳转代码中包括Portal URL,因此在接入点上也需要预先配置认证服务器的Portal URL。In the embodiment of the present invention, the comparison between the 200 OK status code of the first HTTP response and the 302 Found status code of the traditional HTTP response packet is shown in FIG. 2 . The 200OK status code of the first HTTP response includes a redirection jump code written in javascript language, and the redirection jump code includes a Portal URL, so the Portal URL of the authentication server also needs to be pre-configured on the access point.

因为通常只有浏览器才支持javascrip语言编写的代码,终端获取到第一HTTP响应的200 OK状态码后,可以在浏览器页面根据javascript语言编写的重定向跳转代码中的Portal URL发起第二HTTP请求,从而接入点可以根据Portal URL向认证服务器请求Portal认证。而APP通常不支持javascript语言编写的代码,因此不会跳转到认证服务器。由此可以看出,本发明可以明显减少大量的无效HTTP数据包到认证服务器,从而减轻了认证服务器处理压力。Because usually only the browser supports the code written in the javascript language, after the terminal obtains the 200 OK status code of the first HTTP response, it can initiate the second HTTP on the browser page according to the Portal URL in the redirection jump code written in the javascript language. request, so that the access point can request Portal authentication from the authentication server according to the Portal URL. And APP usually does not support code written in javascript language, so it will not jump to the authentication server. It can be seen that the present invention can obviously reduce a large number of invalid HTTP data packets to the authentication server, thereby reducing the processing pressure of the authentication server.

图3为本发明实施例中举例说明的入口认证方法的示意图。以访问新浪域名“sina.com.cn”为例,需要先配置好认证服务器Portal URL到AP,如“portal.com”。如图3所示,包括:Fig. 3 is a schematic diagram of an entrance authentication method illustrated in an embodiment of the present invention. To access the Sina domain name "sina.com.cn" as an example, you need to configure the authentication server Portal URL to the AP, such as "portal.com". As shown in Figure 3, including:

终端访问sina.com.cn,发送第一http request到AP,AP检测到此第一http request后并不直接转发到上一级网络中去,而是AP劫持此第一http request,然后伪造一个状态码为200 OK的第一http response返回给终端。The terminal accesses sina.com.cn and sends the first http request to the AP. After the AP detects the first http request, it does not directly forward it to the upper-level network. Instead, the AP hijacks the first http request and then forges a The first http response whose status code is 200 OK is returned to the terminal.

终端收到此第一http request后,通过终端的浏览器进行解析,发现该http request的状态码中有使用javascript语言编写的重定向跳转代码,可以根据该重定向跳转代中的Portal URL地址向AP发送第二httprequest。After the terminal receives the first http request, it parses it through the browser of the terminal, and finds that the status code of the http request contains a redirection code written in javascript language, and the Portal URL in the code can be redirected according to the redirection The address sends a second httprequest to the AP.

AP接收到该第二http request后,向认证服务器转发该第二httprequest。需要注意的是,此Portal URL可以预先放在AP的白名单中,不会被AP劫持,否则AP接收到第二也会劫持此Portal URL,导致循环跳转。After receiving the second http request, the AP forwards the second http request to the authentication server. It should be noted that this Portal URL can be placed in the AP's whitelist in advance, and will not be hijacked by the AP, otherwise the AP will also hijack the Portal URL when it receives the second message, resulting in a loop jump.

认证服务器收到第二http request后,将Portal认证请求页面数据以第二http response的形式发送到AP,AP接收到第二http response后,转发给终端。After receiving the second http request, the authentication server sends the Portal authentication request page data to the AP in the form of the second http response, and the AP forwards the data to the terminal after receiving the second http response.

终端接收到第二http response后,通过浏览器显示出portal认证页面,填入认证信息,然后向AP发送包括Portal认证数据的第三http request。After receiving the second http response, the terminal displays the portal authentication page through the browser, fills in the authentication information, and then sends the third http request including the Portal authentication data to the AP.

AP接收到该第三http request后,向认证服务器转发该第三httprequest。After receiving the third http request, the AP forwards the third http request to the authentication server.

认证服务器收到第三http request后,获取终端的Portal认证数据。如果Portal认证通过,则将Portal认证通过信息携带在第三http response中返回给AP,AP将该Portal认证通过的终端的MAC地址信息加入白名单,此后不再劫持此终端的所有数据包,如果认证不通过,返回认证失败信息,用户需要再次认证直到认证成功。After receiving the third http request, the authentication server obtains the Portal authentication data of the terminal. If the Portal authentication is passed, the Portal authentication passing information will be carried in the third http response and returned to the AP. The AP will add the MAC address information of the terminal that has passed the Portal authentication to the whitelist, and will no longer hijack all data packets of this terminal. If If the authentication fails, an authentication failure message is returned, and the user needs to re-authenticate until the authentication succeeds.

图4为本发明实施例中入口认证系统的架构示意图。如图4所示,一种入口认证系统,包括:Fig. 4 is a schematic diagram of the architecture of the entrance authentication system in the embodiment of the present invention. As shown in Figure 4, an entry authentication system includes:

终端,用于向接入点发送第一HTTP请求;a terminal, configured to send a first HTTP request to the access point;

接入点,用于接收所述第一HTTP请求,并返回的第一HTTP响应,所述第一HTTP响应的状态码包括基于浏览器识别的重定向跳转代码,所述重定向跳转代码中包括入口认证的统一资源定位符;The access point is configured to receive the first HTTP request and return the first HTTP response, the status code of the first HTTP response includes a browser-based redirection jump code, and the redirection jump code Include the uniform resource locator of the entry authentication;

所述终端,还用于接收所述第一HTTP响应,并从所述第一HTTP响应中获取入口认证的统一资源定位符,基于所述入口认证的统一资源定位符向认证服务器请求入口认证;The terminal is further configured to receive the first HTTP response, and obtain a uniform resource locator of entry authentication from the first HTTP response, and request entry authentication to an authentication server based on the uniform resource locator of entry authentication;

认证服务器,用于对所述终端进行入口认证。The authentication server is configured to perform entry authentication on the terminal.

需要说明的是,图4中的认证客户端作为上述终端,接入设备作为上述接入点,Portal服务器作为上述认证服务器。此外,在该入口认证系统中,还可以包括在图4中没有图示的安全策略服务器和认证计费服务器等,在此并不做限制。It should be noted that the authentication client in FIG. 4 is used as the above-mentioned terminal, the access device is used as the above-mentioned access point, and the Portal server is used as the above-mentioned authentication server. In addition, the entrance authentication system may also include a security policy server and an authentication and accounting server not shown in FIG. 4 , which are not limited here.

具体地,specifically,

所述基于浏览器识别的重定向跳转代码为使用javascript语言编写的重定向跳转代码。The redirection jump code based on browser recognition is a redirection jump code written in javascript language.

所述接入点接收所述第一HTTP请求,并返回的第一HTTP响应,具体为:接入点接收终端发送的第一HTTP请求,如果所述终端的MAC地址没有在接入点的转发列表中,则接入点劫持所述第一HTTP请求,并向终端返回包括所述使用javascript语言编写的重定向跳转代码的第一HTTP响应。The access point receives the first HTTP request and returns the first HTTP response, specifically: the access point receives the first HTTP request sent by the terminal, if the MAC address of the terminal is not forwarded by the access point list, the access point hijacks the first HTTP request, and returns to the terminal the first HTTP response including the redirection jump code written in javascript language.

所述接入点,还用于:预先配置入口认证的统一资源定位符,并将所述入口认证的统一资源定位符保存在接入点的转发列表中。The access point is further configured to: pre-configure the uniform resource locator of the entry authentication, and store the uniform resource locator of the entry authentication in the forwarding list of the access point.

所述终端从所述第一HTTP响应中获取入口认证的统一资源定位符,基于所述入口认证的统一资源定位符向认证服务器请求入口认证,具体为:终端向接入点发送第二HTTP请求,如果所述第二HTTP请求中的入口认证的统一资源定位符在所述接入点的转发列表中,则接入点将所述第二HTTP请求转发给认证服务器,认证服务器接收到所述第二HTTP请求后,通过接入点向终端返回包括入口认证请求页面数据的第二HTTP响应;终端接收到第二HTTP响应后,识别入口认证请求页面数据并通过浏览器显示入口认证请求页面;终端通过所述入口认证请求页面获取到入口认证信息后,将所述入口认证信息携带在第三HTTP请求中,并通过接入点将所述第三HTTP请求转发给认证服务器;认证服务器接收到所述第三HTTP请求后,获取入口认证信息;如果根据所述入口认证信息判断出通过认证,则将通过认证信息携带在第三HTTP响应中,并将通过接入点将所述第三HTTP响应返回给终端;如果根据所述入口认证信息判断出没有通过认证,则将没有通过认证信息携带在第三HTTP响应中,并将通过接入点将所述第三HTTP响应返回给终端。The terminal acquires the uniform resource locator of the entry authentication from the first HTTP response, and requests the entry authentication from the authentication server based on the uniform resource locator of the entry authentication, specifically: the terminal sends a second HTTP request to the access point , if the uniform resource locator of the entry authentication in the second HTTP request is in the forwarding list of the access point, the access point forwards the second HTTP request to the authentication server, and the authentication server receives the After the second HTTP request, the terminal returns the second HTTP response including the entry authentication request page data to the terminal through the access point; after receiving the second HTTP response, the terminal identifies the entry authentication request page data and displays the entry authentication request page through the browser; After obtaining the entry authentication information through the entry authentication request page, the terminal carries the entry authentication information in the third HTTP request, and forwards the third HTTP request to the authentication server through the access point; the authentication server receives After the third HTTP request, obtain the entry authentication information; if it is judged that the authentication is passed according to the entry authentication information, the authentication information will be carried in the third HTTP response, and the third HTTP will be passed through the access point. The response is returned to the terminal; if it is judged that the authentication is not passed according to the entry authentication information, the authentication information is not passed in the third HTTP response, and the third HTTP response is returned to the terminal through the access point.

所述接入点,还用于:如果根据所述入口认证信息判断出通过认证,则将通过认证的终端的MAC地址添加到转发列表中。The access point is further configured to: add the MAC address of the authenticated terminal to the forwarding list if it is determined that the authentication is passed according to the entry authentication information.

本发明实施例提供的入口认证方法和系统,通过提供一种HTTP响应包,作为Portal认证的响应包,该Portal认证的响应包的状态码是不同于传统的Portal是302 Found状态码,浏览器接收到Portal认证的响应包后才能跳转到Portal认证服务器页;如果接收到的不是Portal认证的响应包,则结束本次连接,从而明显减少大量的无效HTTP数据包到认证服务器,减轻了认证服务器处理压力,为接入点提供更好的网络服务。The entrance authentication method and system that the embodiment of the present invention provides, by providing a kind of HTTP response packet, as the response packet of Portal authentication, the status code of the response packet of this Portal authentication is different from traditional Portal is 302 Found status code, browser Only after receiving the response packet for Portal authentication can you jump to the Portal authentication server page; if the response packet is not received for Portal authentication, this connection will be terminated, thereby significantly reducing a large number of invalid HTTP packets to the authentication server and reducing the authentication time. The server handles the stress and provides better network service to the access point.

以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下,即可以理解并实施。The device embodiments described above are only illustrative, and the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in One place, or it can be distributed to multiple network elements. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without any creative effort.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到各实施方式可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件。基于这样的理解,上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。Through the above description of the implementations, those skilled in the art can clearly understand that each implementation can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware. Based on this understanding, the essence of the above technical solution or the part that contributes to the prior art can be embodied in the form of software products, and the computer software products can be stored in computer-readable storage media, such as ROM/RAM, magnetic discs, optical discs, etc., including several instructions to make a computer device (which may be a personal computer, server, or network device, etc.) execute the methods described in various embodiments or some parts of the embodiments.

最后应说明的是:以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present invention, rather than to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still be Modifications are made to the technical solutions described in the foregoing embodiments, or equivalent replacements are made to some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the various embodiments of the present invention.

Claims (10)

1. a portal authentication method, described method is applied in terminal, it is characterised in that including:
Terminal sends the first HTTP request to access point, and receives the HTTP that access point returns Response, the conditional code of described first http response includes that redirection based on browser identification redirects Code, described redirection redirects code and includes the URL of portal authentication;
Terminal obtains the URL of the portal authentication in the first http response, and based on The URL of described portal authentication asks portal authentication to certificate server.
Portal authentication method the most according to claim 1, it is characterised in that: described based on clear It is that the redirection using javascript language to write redirects generation that the redirection of device identification of looking at redirects code Code;
Terminal sends the first HTTP request to access point, and receives the HTTP that access point returns Response, including:
Terminal sends the first HTTP request to access point, if the MAC Address of described terminal does not has In the forwarding list of access point, then access point kidnaps described first HTTP request, and to terminal Return the HTTP sound including that the redirection that described use javascript language is write redirects code Should.
Portal authentication method the most according to claim 2, it is characterised in that: described terminal obtains Take the URL of portal authentication in the first http response, and recognize based on described entrance The URL of card asks portal authentication to certificate server, including:
Access point is pre-configured with the URL of portal authentication, and by described portal authentication URL is saved in the forwarding list of access point;
Terminal sends the second HTTP request to access point, if wrapped in described second HTTP request Include the URL of portal authentication in the forwarding list of described access point, then access point will Described second HTTP request is transmitted to certificate server.
Portal authentication method the most according to claim 3, it is characterised in that: by described second After HTTP request is transmitted to certificate server, also include:
After certificate server receives described second HTTP request, returned to terminal by access point The second http response including portal authentication requests for page data;
After terminal receives the second http response, identify portal authentication requests for page data and pass through Browser display portal authentication requests for page;
After terminal gets portal authentication information by described portal authentication requests for page, by described enter Mouth authentication information carries in the 3rd HTTP request, and by access point by described 3rd HTTP Request is transmitted to certificate server.
Portal authentication method the most according to claim 4, it is characterised in that: by the described 3rd After HTTP request is transmitted to certificate server, also include:
After certificate server receives described 3rd HTTP request, obtain portal authentication information;
If judging by certification according to described portal authentication information, then will be taken by authentication information Band is in the 3rd http response, and described 3rd http response will be returned to by access point Terminal;
If judging not over certification according to described portal authentication information, then will be not over recognizing Card information is carried in the 3rd http response, and will be rung by described 3rd HTTP by access point Terminal should be returned to.
Portal authentication method the most according to claim 5, it is characterised in that: described method is also Including:
If judging that access point is by by certification by certification according to described portal authentication information The MAC Address of terminal adds in forwarding list.
7. a portal authentication system, it is characterised in that including:
Terminal, for sending the first HTTP request to access point;
Access point, is used for receiving described first HTTP request, and the first http response returned, The conditional code of described first http response includes that redirection based on browser identification redirects code, Described redirection redirects code and includes the URL of portal authentication;
Described terminal, is additionally operable to receive described first http response, and from a described HTTP Response obtains the URL of portal authentication, unified resource based on described portal authentication Finger URL asks portal authentication to certificate server;
Certificate server, for carrying out portal authentication to described terminal.
Portal authentication system the most according to claim 7, it is characterised in that: described based on clear It is that the redirection using javascript language to write redirects generation that the redirection of device identification of looking at redirects code Code;
Described access point receives described first HTTP request, and the first http response returned, Particularly as follows:
Access point receives the first HTTP request that terminal sends, if the MAC Address of described terminal Not in the forwarding list of access point, then described first HTTP request of access point abduction, and to Terminal returns and includes that the redirection that described use javascript language is write redirects the first of code Http response.
Portal authentication system the most according to claim 8, it is characterised in that: described access point, It is additionally operable to: be pre-configured with the URL of portal authentication, and by the system of described portal authentication One URLs is saved in the forwarding list of access point;
Described terminal obtains the URL of portal authentication from described first http response, URL based on described portal authentication asks portal authentication to certificate server, specifically For:
Terminal sends the second HTTP request to access point, if in described second HTTP request The URL of portal authentication is in the forwarding list of described access point, then access point is by institute Stating the second HTTP request and be transmitted to certificate server, certificate server receives described 2nd HTTP After request, included the 2nd HTTP of portal authentication requests for page data to terminal return by access point Response;After terminal receives the second http response, identify portal authentication requests for page data and lead to Cross browser display portal authentication requests for page;
After terminal gets portal authentication information by described portal authentication requests for page, by described enter Mouth authentication information carries in the 3rd HTTP request, and by access point by described 3rd HTTP Request is transmitted to certificate server;After certificate server receives described 3rd HTTP request, obtain Taking mouth authentication information;If judging by certification according to described portal authentication information, then will be logical Cross authentication information to carry in the 3rd http response, and will be by access point by described 3rd HTTP Response returns to terminal;If judging not over certification according to described portal authentication information, then To carry in the 3rd http response not over authentication information, and will be by access point by described 3rd http response returns to terminal.
Portal authentication system the most according to claim 9, it is characterised in that: described access Point, is additionally operable to:
If judging by certification according to described portal authentication information, then by by the terminal of certification MAC Address add in forwarding list.
CN201610220552.2A 2016-04-11 2016-04-11 Portal authenticating method and system Pending CN105871853A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610220552.2A CN105871853A (en) 2016-04-11 2016-04-11 Portal authenticating method and system
PCT/CN2016/108170 WO2017177691A1 (en) 2016-04-11 2016-11-30 Portal authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610220552.2A CN105871853A (en) 2016-04-11 2016-04-11 Portal authenticating method and system

Publications (1)

Publication Number Publication Date
CN105871853A true CN105871853A (en) 2016-08-17

Family

ID=56636186

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610220552.2A Pending CN105871853A (en) 2016-04-11 2016-04-11 Portal authenticating method and system

Country Status (2)

Country Link
CN (1) CN105871853A (en)
WO (1) WO2017177691A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106714206A (en) * 2016-09-29 2017-05-24 腾讯科技(深圳)有限公司 Method and device for detecting network connection by wireless network access point
CN107248998A (en) * 2017-07-04 2017-10-13 上海斐讯数据通信技术有限公司 The authentication method and device of a kind of application client of terminal device
WO2017177691A1 (en) * 2016-04-11 2017-10-19 上海斐讯数据通信技术有限公司 Portal authentication method and system
CN107493206A (en) * 2017-08-16 2017-12-19 广东欧珀移动通信有限公司 A kind of network detecting method, network detection means and intelligent terminal
WO2018045798A1 (en) * 2016-09-12 2018-03-15 华为技术有限公司 Network authentication method and related device
CN107979577A (en) * 2016-10-25 2018-05-01 华为技术有限公司 A kind of method and apparatus of terminal authentication
CN112751844A (en) * 2020-12-28 2021-05-04 杭州迪普科技股份有限公司 Portal authentication method and device and electronic equipment

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632491A (en) * 2020-12-15 2021-04-09 读书郎教育科技有限公司 Method for realizing account system shared by multiple information systems
CN115913780A (en) * 2022-12-28 2023-04-04 四川长虹电器股份有限公司 A method for Android TV to perform WIFI authentication without a browser
CN116566653A (en) * 2023-03-31 2023-08-08 深圳市深信服信息安全有限公司 Verification method, verification device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101034989A (en) * 2007-02-14 2007-09-12 华为技术有限公司 Method, system and router for originating the authentication request via the user terminal
CN101640680A (en) * 2009-09-02 2010-02-03 杭州华三通信技术有限公司 Network access control method, system and device
CN102469069A (en) * 2010-11-02 2012-05-23 杭州华三通信技术有限公司 method and device for preventing entrance authentication attack
CN102946434A (en) * 2012-11-23 2013-02-27 广东宜通世纪科技股份有限公司 Communication method of wireless local area network (WLAN)
US20140245395A1 (en) * 2012-10-16 2014-08-28 Guest Tek Interactive Entertainment Ltd. Off-site user access control
CN104780168A (en) * 2015-03-30 2015-07-15 杭州华三通信技术有限公司 Portal authentication method and equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003186783A (en) * 2001-12-18 2003-07-04 Hitachi Software Eng Co Ltd Data transfer method and system
CN104821940A (en) * 2015-04-16 2015-08-05 京信通信技术(广州)有限公司 Method and equipment for sending portal redirected address
CN105338072A (en) * 2015-10-20 2016-02-17 上海斐讯数据通信技术有限公司 HTTP (hyper text transport protocol) redirecting method and routing equipment
CN105871853A (en) * 2016-04-11 2016-08-17 上海斐讯数据通信技术有限公司 Portal authenticating method and system
CN105812481A (en) * 2016-04-20 2016-07-27 上海斐讯数据通信技术有限公司 Hypertext transfer protocol request identification system and hypertext transfer protocol request identification method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101034989A (en) * 2007-02-14 2007-09-12 华为技术有限公司 Method, system and router for originating the authentication request via the user terminal
CN101640680A (en) * 2009-09-02 2010-02-03 杭州华三通信技术有限公司 Network access control method, system and device
CN102469069A (en) * 2010-11-02 2012-05-23 杭州华三通信技术有限公司 method and device for preventing entrance authentication attack
US20140245395A1 (en) * 2012-10-16 2014-08-28 Guest Tek Interactive Entertainment Ltd. Off-site user access control
CN102946434A (en) * 2012-11-23 2013-02-27 广东宜通世纪科技股份有限公司 Communication method of wireless local area network (WLAN)
CN104780168A (en) * 2015-03-30 2015-07-15 杭州华三通信技术有限公司 Portal authentication method and equipment

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017177691A1 (en) * 2016-04-11 2017-10-19 上海斐讯数据通信技术有限公司 Portal authentication method and system
WO2018045798A1 (en) * 2016-09-12 2018-03-15 华为技术有限公司 Network authentication method and related device
CN106714206A (en) * 2016-09-29 2017-05-24 腾讯科技(深圳)有限公司 Method and device for detecting network connection by wireless network access point
CN107979577A (en) * 2016-10-25 2018-05-01 华为技术有限公司 A kind of method and apparatus of terminal authentication
WO2018076712A1 (en) * 2016-10-25 2018-05-03 华为技术有限公司 Terminal authentication method and device
EP3525411A4 (en) * 2016-10-25 2019-08-14 Huawei Technologies Co., Ltd. TERMINAL AUTHENTICATION METHOD AND DEVICE
US10701073B2 (en) 2016-10-25 2020-06-30 Huawei Technologies Co., Ltd. Terminal authentication method and device
CN107979577B (en) * 2016-10-25 2021-10-15 华为技术有限公司 Method and device for terminal authentication
CN107248998A (en) * 2017-07-04 2017-10-13 上海斐讯数据通信技术有限公司 The authentication method and device of a kind of application client of terminal device
CN107493206A (en) * 2017-08-16 2017-12-19 广东欧珀移动通信有限公司 A kind of network detecting method, network detection means and intelligent terminal
CN107493206B (en) * 2017-08-16 2019-04-23 Oppo广东移动通信有限公司 A network detection method, network detection device and intelligent terminal
CN112751844A (en) * 2020-12-28 2021-05-04 杭州迪普科技股份有限公司 Portal authentication method and device and electronic equipment

Also Published As

Publication number Publication date
WO2017177691A1 (en) 2017-10-19

Similar Documents

Publication Publication Date Title
CN105871853A (en) Portal authenticating method and system
EP2839609B1 (en) Authentication of service requests
JP2020126602A (en) Method and system for seamless single sign-on (sso) for native mobile-application initiated open-id connect (oidc) flow and security assertion markup language (saml) flow
CN103825881B (en) The reorientation method and device of WLAN user are realized based on wireless access controller AC
TWI735429B (en) Authentication method, device, system and electronic equipment for client login server end
JP2020057363A (en) Method and Program for Security Assertion Markup Language (SAML) Service Provider Initiated Single Sign-On
US20100100950A1 (en) Context-based adaptive authentication for data and services access in a network
WO2014082555A1 (en) Login method, device and open platform system
CN103747000B (en) Access the authentication method and device of wireless network
CN105162802B (en) Portal authentication method and certificate server
CN103796278A (en) Mobile terminal wireless network access control method
US8839396B1 (en) Providing single sign-on for wireless devices
US20190020764A1 (en) Provisioning a trial service to a mobile device
CN104836812A (en) Portal authentication method, device and system
CN109936579A (en) Single sign-on method, device, equipment and computer readable storage medium
CN114338078B (en) A CS client login method and device
US11531747B2 (en) Method for exchanging data between a web browser and an application
CN105873055A (en) Wireless network access authentication method and device
CN108259457A (en) A kind of WEB authentication methods and device
CN109495362B (en) Access authentication method and device
US10454897B1 (en) Proxy captive portal traffic for input-limited devices
CN112311766B (en) Method and device for acquiring user certificate and terminal equipment
CN110856145A (en) IOT device and user binding method, device and medium based on near field authentication
CN105991640A (en) Method for processing HTTP (hypertext transfer protocol) request and apparatus for processing HTTP (hypertext transfer protocol) request
CN115664761A (en) Single sign-on method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160817