Webauth

From Wiki of WFilter NG Firewall
(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
 
{{DISPLAYTITLE:Web Auth}}
 
{{DISPLAYTITLE:Web Auth}}
==启用用户名认证==
+
== Web Auth ==
[[File:Faq_en_webauth001.jpg]]
+
"Web Auth" brings you two features:
<p>勾选'''本地认证'''后,需要在本地账号模块中添加账号;勾选'''远程认证'''需要配置radius服务器相关信息,所以前提是存在一个radius服务器,请参考[[how_to_conf_radius_server|How to config radius server]]。</p>
+
* "User & Pass Auth": correct username and password are required to access internet.
<p>效果:客户机访问网页跳转到认证界面</p>
+
* "Third Party Auth": interface for third party authentication. The authentication logic is done via a third party service. For example:
[[File:Faq_en_webauth002.jpg]]
+
** Facebook Wi-Fi
==启用营销认证==
+
** WeChat Wi-Fi
 +
Together with other module, you can:
 +
* Display usernames for client devices.(Real-time Bandwidth)
 +
* Record internet activites by username.(Internet Usage)
 +
* Set access policy by username.(Access Policy)
  
 +
== User & Pass Auth ==
 +
When enabled, clients in the target ip ranges will be required for username and password when browsing webpages.
 +
[[File:Faq_en_webauth002.jpg|600px]]
  
==常见问题==
+
Settings:
 +
* IP Range: ip ranges to enable "User & Pass Auth".
 +
* Auth Type
 +
** "Local Auth": authenticate with username and password of local accounts.
 +
** "Remote Auth": send credentials to a remote radius server for authentication. For example, [[Enable_AD_Radius|Configure RADIUS Server Authentication for Active Directory]]
 +
** When both are enabled, we will do "local auth" first. If this user is not found in "local account", then check the remote radius sever.
 +
* Timeout: re-authentication is required on timeout.
 +
 
 +
[[File:Faq_en_webauth001.jpg|800px]]
 +
 
 +
== Third Party Auth ==
 +
=== WeChat WiFi ===
 +
 
 +
"WeChat WiFi" is integrated by default. With this option, client devices can access internet by clicking "WeChat WiFi" in smartphone's browsers. You need to setup "WeChat Wifi" in your WeChat public account platform.
 +
 
 +
[[File:Faq_en_webauth003.jpg|600px]]
 +
 
 +
When a smartphone is connected, visiting any webpage will be redirected to the authenticate page.
 +
 
 +
[[File:Faq_en_webauth004.jpg|600px]]
 +
 
 +
For more about WeChat Wifi, please check: https://wifi.weixin.qq.com/biz/mp/join-process.xhtml
 +
 
 +
=== Customize ===
 +
When enabled, clients in the target ip range will be redirected to the "Auth URL", you can do what you want in the "Auth URL", for example:
 +
* Require the client to like a facebook page, or sharing a post.
 +
* Display advertises.
 +
* And others.
 +
 
 +
When you're done, you need to redirect client to the "Verify URL". For development details, please check [[API_WebAuth|WFilter ROS Third Party Auth API]]
 +
 
 +
== Exception ==
 +
* MAC White List: mac addresses in this list do not require authentication.
 +
* Domain Exception: domains in this list can be visited without authentication.
 +
 
 +
== FAQ ==

Revision as of 16:15, 24 December 2015

Contents

1 Web Auth

"Web Auth" brings you two features:

  • "User & Pass Auth": correct username and password are required to access internet.
  • "Third Party Auth": interface for third party authentication. The authentication logic is done via a third party service. For example:
    • Facebook Wi-Fi
    • WeChat Wi-Fi

Together with other module, you can:

  • Display usernames for client devices.(Real-time Bandwidth)
  • Record internet activites by username.(Internet Usage)
  • Set access policy by username.(Access Policy)

2 User & Pass Auth

When enabled, clients in the target ip ranges will be required for username and password when browsing webpages. Faq en webauth002.jpg

Settings:

  • IP Range: ip ranges to enable "User & Pass Auth".
  • Auth Type
    • "Local Auth": authenticate with username and password of local accounts.
    • "Remote Auth": send credentials to a remote radius server for authentication. For example, Configure RADIUS Server Authentication for Active Directory
    • When both are enabled, we will do "local auth" first. If this user is not found in "local account", then check the remote radius sever.
  • Timeout: re-authentication is required on timeout.

Faq en webauth001.jpg

3 Third Party Auth

3.1 WeChat WiFi

"WeChat WiFi" is integrated by default. With this option, client devices can access internet by clicking "WeChat WiFi" in smartphone's browsers. You need to setup "WeChat Wifi" in your WeChat public account platform.

Faq en webauth003.jpg

When a smartphone is connected, visiting any webpage will be redirected to the authenticate page.

Faq en webauth004.jpg

For more about WeChat Wifi, please check: https://wifi.weixin.qq.com/biz/mp/join-process.xhtml

3.2 Customize

When enabled, clients in the target ip range will be redirected to the "Auth URL", you can do what you want in the "Auth URL", for example:

  • Require the client to like a facebook page, or sharing a post.
  • Display advertises.
  • And others.

When you're done, you need to redirect client to the "Verify URL". For development details, please check WFilter ROS Third Party Auth API

4 Exception

  • MAC White List: mac addresses in this list do not require authentication.
  • Domain Exception: domains in this list can be visited without authentication.

5 FAQ

Personal tools
Namespaces

Variants
Actions
Navigation
Tools