iOS Captive Network Assistant behavior on Hotspots

2018-06-25 18:30:40

We have a hotspot product using SMS authentication method. The user chooses our WiFi Hotspot network and is redirected to our login page.

On iOS and Adroid, a Captive Portal pop-up is activated showing our login page. We ask users to fill in a form and submit their phone number. When they click "Submit" we send them an SMS with a verification code.

The login window (hosted on our server) changes to a new page which is displaying a field to enter the verification code. So far so good... If the user sees the "notification popup" for the SMS on his screen on top of the captive window, he can see the code and enter it in the provided field and authenticate.

But if he doesn't have SMS notification set like this, he has to go to his SMS app and look up the code. Now, the only way to do that is to close the Captive popup but then he gets disconnected from our hotspot. If he reconnects he needs to fill in the form again and gets a new SMS but he faces the same problem.

Now, all this time user is not authenticated, so in iOS the captive window displays "Cancel" in the top right corner. I have seen this same method on other hotspots, but from the first Captive window, the control displayed in top right corner is "Done". As far as I know, the difference there is that the "Done" control is shown when the user is authenticated and "Cancel" while he hasn't been authenticated yet.

Is there a way to "fool" the CNA to "think" the user has internet access and display "Done" so when Captive window is closed, the device stays connected to our Hotspot?

We are thinking either some "two-step" authentication, like temporary (to get "Done") and then the "real" one after entering verification code.

Another way might be to use some kind of script (like "Success" trick on iOS) to fool the CNA into thinking there's internet access. But where and how to apply the "Success trick"? In some of the HTML pages in the router? Or somewhere in our login page code?

Different OS versions and different platforms check for internet access in different ways. iOS for example looks for one of these:

http://captive.apple.com/hotspot-detect.html

http://captive.apple.com

etc.

Android uses (among others):

http://clients3.google.com/generate_204

The best solution is for your captive portal to allow access to these through the firewall. If you're using MAC filtering via ipfw or iptables this is easy. If you're doing DNS spoofing it's harder -- for those cases I'd just include the "success" pages in your captive portal package.

链接地址: http://www.djcxy.com/p/72116.html

上一篇: C ++多行字符串文字

下一篇: iOS热点网络助理行为