When I go to a place with a WiFi hotspot (such as Panera Bread) and connect with my iPhone, the hotspot login page appears as a popup. That is, no matter what app I'm running or what web page I'm on, the login page scrolls up from the bottom, asks for my login credentials, and then disappears.
当我去一个有WiFi热点的地方(比如Panera Bread)并与我的iPhone连接时,热点登录页面就会弹出。也就是说,不管我正在运行什么应用程序,或者我在哪个网页上,登录页面从底部滚动,请求我的登录凭证,然后消失。
But at some other hotspots, I don't get the login page until I go to Safari and try to load a web page.
但是在其他一些热点,我只有在去Safari并尝试加载一个web页面时才能获得登录页面。
What is the iPhone looking for that causes it to pop up the login page at some hotspots and not others? Is there a special HTML meta tag? Or is it related to the way the redirect is implemented?
为什么iPhone会在某些热点而不是其他地方弹出登录页面?有特殊的HTML元标签吗?还是与重定向的实现方式有关?
3 个解决方案
#1
36
I managed to find out the correct term for this authentication type: "Captive portal". Punching in Captive Portal iPhone into Google turned out a few technical details from these pages: one, two, three.
我设法找到了这个身份验证类型的正确术语:“捕获门户”。从这些页面中,我们可以看到一些技术细节:1、2、3。
To implement a Wi-Fi popup login page:
实现Wi-Fi弹出式登录页面:
- DNS request for
www.apple.commust not fail - 对www.apple.com的DNS请求不能失败
- HTTP request for http://www.apple.com/library/test/success.html with special user agent
CaptiveNetworkSupport/1.0 wisprmust not returnSuccess. - 使用特殊的用户代理CaptiveNetworkSupport/1.0 wispr对http://www.apple.com/library/test/success.html的HTTP请求不能返回成功。
I have not tested this, but it sounds about right.
我没有测试过这个,但是它听起来是正确的。
Comments below mention that iOS 7 behaves differently and may query more than one server. I have not tested this. So easiest would be to simply redirect all HTTP communication to your login page, and block all non-HTTP communication.
下面的评论提到,ios7的行为不同,可能会查询多个服务器。我还没有测试过。因此,最简单的方法是将所有HTTP通信重定向到登录页面,并阻塞所有非HTTP通信。
Microsoft's captive portal detection uses something similar to pre-iOS7 behavior: its Network Connectivity Status Indicator attempts to contact http://www.msftncsi.com. Windows 8 and 8.1 also include support for WISPr.
微软的垄断门户检测使用了类似于ios7之前的行为:它的网络连接状态指示器试图联系http://www.msftncsi.com。Windows 8和8.1也支持WISPr。
Android's captive portal detection, as of AOSP 4.0.1, tries to contact http://clients3.google.com/generate_204 or http://www.google.com/blank.html.
在AOSP 4.0.1中,Android的垄断门户检测试图联系http://clients3.google.com/generate_204或http://www.google.com/blank.html。
So to be as universal as possible, you'll want to simply block all communication except for authentication, and include WISPr support on the login page.
因此,为了尽可能地通用,您只需阻塞除身份验证之外的所有通信,并在登录页面中包含WISPr支持。
I'd say "go with a proper authentication on your network" -- something universal such as PEAP+MSCHAPv2 -- but Windows makes it very painful for your users to set it up. I don't know who thought that "Use your Windows authentication details" makes a sane default on machines that are not part of a corporate domain network, or even why "Check certificate validity" is a sane default, as most networks will not consider getting a proper certificate a priority.
我想说的是“在你的网络上进行适当的认证”——一些通用的东西,比如PEAP+MSCHAPv2——但是Windows会让用户非常痛苦地设置它。我不知道是谁认为“使用您的Windows身份验证细节”会在不属于公司域网络的机器上造成一个正常的默认值,甚至为什么“检查证书有效性”是一个正常的默认值,因为大多数网络不会将获得一个合适的证书视为优先级。
#2
1
iOS 6 has apparently fixed WPA2 EAP as it's suddenly popping the login window now.
iOS 6显然已经修复了WPA2 EAP,现在它突然弹出了登录窗口。
Our companies public WiFi requires accepting the terms regarding monitoring, etc. I always had to manually open Safari on iPhone or iPad and navigate somewhere, it redirects to an internal acceptance page and when you clicked the Accept button it would go where you originally were headed.
我们公司的公共WiFi需要接受监控等条款。我总是需要在iPhone或iPad上手动打开Safari,在某个地方导航,它会重定向到一个内部的接收页面,当你点击接受按钮时,它会指向你原来的方向。
Today, I updated to iOS 6 and was plesantly surprised to see the Login window slide up from the bottom and allow me to click the Accept button without even opening Safari.
今天,我更新了iOS 6,看到登录窗口从底部向上滑动,我很惊讶,我甚至不需要打开Safari就可以点击Accept按钮。
#3
-4
I suspect that when the login page pops up the Wi-Fi is using EAP. This is a Wi-Fi protocol for authentication. In the case where you need to go to a web page then the authentication will be a custom access implemented by a server (i.e. at a higher level than EAP).
我怀疑,当登录页面弹出时,Wi-Fi正在使用EAP。这是一个用于身份验证的Wi-Fi协议。在需要访问web页面的情况下,身份验证将是服务器实现的自定义访问(即在高于EAP的级别上)。
#1
36
I managed to find out the correct term for this authentication type: "Captive portal". Punching in Captive Portal iPhone into Google turned out a few technical details from these pages: one, two, three.
我设法找到了这个身份验证类型的正确术语:“捕获门户”。从这些页面中,我们可以看到一些技术细节:1、2、3。
To implement a Wi-Fi popup login page:
实现Wi-Fi弹出式登录页面:
- DNS request for
www.apple.commust not fail - 对www.apple.com的DNS请求不能失败
- HTTP request for http://www.apple.com/library/test/success.html with special user agent
CaptiveNetworkSupport/1.0 wisprmust not returnSuccess. - 使用特殊的用户代理CaptiveNetworkSupport/1.0 wispr对http://www.apple.com/library/test/success.html的HTTP请求不能返回成功。
I have not tested this, but it sounds about right.
我没有测试过这个,但是它听起来是正确的。
Comments below mention that iOS 7 behaves differently and may query more than one server. I have not tested this. So easiest would be to simply redirect all HTTP communication to your login page, and block all non-HTTP communication.
下面的评论提到,ios7的行为不同,可能会查询多个服务器。我还没有测试过。因此,最简单的方法是将所有HTTP通信重定向到登录页面,并阻塞所有非HTTP通信。
Microsoft's captive portal detection uses something similar to pre-iOS7 behavior: its Network Connectivity Status Indicator attempts to contact http://www.msftncsi.com. Windows 8 and 8.1 also include support for WISPr.
微软的垄断门户检测使用了类似于ios7之前的行为:它的网络连接状态指示器试图联系http://www.msftncsi.com。Windows 8和8.1也支持WISPr。
Android's captive portal detection, as of AOSP 4.0.1, tries to contact http://clients3.google.com/generate_204 or http://www.google.com/blank.html.
在AOSP 4.0.1中,Android的垄断门户检测试图联系http://clients3.google.com/generate_204或http://www.google.com/blank.html。
So to be as universal as possible, you'll want to simply block all communication except for authentication, and include WISPr support on the login page.
因此,为了尽可能地通用,您只需阻塞除身份验证之外的所有通信,并在登录页面中包含WISPr支持。
I'd say "go with a proper authentication on your network" -- something universal such as PEAP+MSCHAPv2 -- but Windows makes it very painful for your users to set it up. I don't know who thought that "Use your Windows authentication details" makes a sane default on machines that are not part of a corporate domain network, or even why "Check certificate validity" is a sane default, as most networks will not consider getting a proper certificate a priority.
我想说的是“在你的网络上进行适当的认证”——一些通用的东西,比如PEAP+MSCHAPv2——但是Windows会让用户非常痛苦地设置它。我不知道是谁认为“使用您的Windows身份验证细节”会在不属于公司域网络的机器上造成一个正常的默认值,甚至为什么“检查证书有效性”是一个正常的默认值,因为大多数网络不会将获得一个合适的证书视为优先级。
#2
1
iOS 6 has apparently fixed WPA2 EAP as it's suddenly popping the login window now.
iOS 6显然已经修复了WPA2 EAP,现在它突然弹出了登录窗口。
Our companies public WiFi requires accepting the terms regarding monitoring, etc. I always had to manually open Safari on iPhone or iPad and navigate somewhere, it redirects to an internal acceptance page and when you clicked the Accept button it would go where you originally were headed.
我们公司的公共WiFi需要接受监控等条款。我总是需要在iPhone或iPad上手动打开Safari,在某个地方导航,它会重定向到一个内部的接收页面,当你点击接受按钮时,它会指向你原来的方向。
Today, I updated to iOS 6 and was plesantly surprised to see the Login window slide up from the bottom and allow me to click the Accept button without even opening Safari.
今天,我更新了iOS 6,看到登录窗口从底部向上滑动,我很惊讶,我甚至不需要打开Safari就可以点击Accept按钮。
#3
-4
I suspect that when the login page pops up the Wi-Fi is using EAP. This is a Wi-Fi protocol for authentication. In the case where you need to go to a web page then the authentication will be a custom access implemented by a server (i.e. at a higher level than EAP).
我怀疑,当登录页面弹出时,Wi-Fi正在使用EAP。这是一个用于身份验证的Wi-Fi协议。在需要访问web页面的情况下,身份验证将是服务器实现的自定义访问(即在高于EAP的级别上)。