WifiDog 认证原理和流程

WifiDOG是一个热点系统，包含了认证服务器和客户端两部分组成，认证原理大体说下：
General Flow Description:
一般流程描述：
①The client does his initial request, as if he was already connected, (e.g.: http://www.6hl.cn)
客户端发出初始化请求，比如访问 www.6hl.cn 这个站点
②The Gateway's firewall rules mangle the request to redirect it to a local port on the Gateway. When that's the done, the Gateway provides an HTTP Redirect reply that contains the Gateway ID, Gateway FQDN and other informations
网关的防火墙规则将这个请求重定向到本地网关的端口上。当做完这个工作，网关提供一个HTTP重定向回复，包含了Gateway的ID，Gateway的FQDN以及其他的信息。
③The Client does his request to the Auth Server as specified by the Gateway, see Login Protocol
用户向认证服务器发出认证请求
http://auth_server/login?
gw_id=[GatewayID, default: "default"]
gw_address=[GatewayAddress, internal IP of router]
gw_port=[GatewayPort, port that wifidog Gateway is listening on]
url=[user requested url]

④The Gateway replies with a (potentially custom) splash (login) page
网关返回一个（可以是自定义的）splash（也称作“登录”）页面
⑤The Client provides his identification informations (username and password)
用户提供他的凭据信息，比如用户名和密码
⑥Upon succesful authentication, the client gets an HTTP Redirect to the Gateway's own web server with his authentication proof (a one-time token), http://GatewayIP:GatewayPort/wifidog/auth?token=[auth token]
成功认证的话，客户端将会被重定向到网关的自己的web页面上，并且带有一个 认证凭据（一个一次性的token），内容比如
http://GatewayIP:GatewayPort/wifidog/auth?token=[auth token]
⑦The Client then connects to the Gateway and thus gives it his token
用户就是用获取到的凭据访问网关
⑧The Gateway requests validation of the token from the Auth Server, see Client Protocol【见登录心跳】
网关去认证服务器询问token的有效性
⑨The Auth Server confirms the token
认证服务器确认token的有效性
①①The Gateway then sends a redirect to the Client to obtain the Success Page from the Auth Server, redirects to http://auth_server/portal/
网关发送重定向给客户端，以从认证服务器上获取 成功提示页面，重定向到 http://auth_server/portal/ 这个位置
①②The Auth Server notifies the Client that his request was successful
认证服务器通知客户请求成功，可以上网了

本文章由 http://www.wifidog.pro/2015/02/11/wifidog%E5%8E%9F%E7%90%86%E5%8F%8A%E6%B5%81%E7%A8%8B.html 整理编辑，转载请注明出处