I have a customer who would like an app to control access to his wi-fi hotspot.
Basically it would ask the user for an email address and check it against known email addresses. If found, show a welcome message and allow access. If the email is not found, prompt for details, GDPR permission etc. before allowing access.
Has anyone done anything like this in XOJO and got any tips, pointers or even example code?
What you want is a sort of thing called a “Captive Portal”, and it is a router/access point thing. I don’t know of one that lets the user register in it (an admin must do it), but you can review the great FreeBSD-based firewall pfSense, which does Captive Portal out of the box.
@José Maria Terry Jiménez: +1 on pfSense. An excellent package. It uses a RADIUS server for authentication and accounting, or its own user manager where the admin creates users within pfSense for everyone.
I understood the requirement to be open but managed, so a RADIUS server (or similar solution) is probably the better way forward.
From the pfSense documentation:
[quote]Captive Portal
The Captive Portal function in pfSense allows securing a network by requiring a username and password (or only a click through), entered on a portal page.
If authentication is used, this can be performed using pfSense's built-in user management, or an external authentication server such as a RADIUS server.
[/quote]
Thanks guys, but FreeRadius and pfSense seem a little overcomplicated for what my customer wants.
Perhaps I’m being a little naïve or over-simplistic here, but couldn’t I configure the access point DHCP with no gateway address, and run a XOJO Web App when someone connected? The Web App would do whatever validation was wanted and supply the gateway address (and perhaps reset the DNS address), which would then allow internet access?
FWIW, I recently deployed a FreeRadius server on a Raspberry Pi3. The docs are daunting but the config turned out to be straightforward. Many NAS devices offer FreeRadius packages too. We also have used pfSense’s portal in a commercial hotel to allow guests to access wifi and it works well.
I think one of these might be far simpler to use in the long run than trying to roll your own.
Leaving out the GW and DNS addresses and supplying them later (if you could do that) is anything but secure. Any user can supply those addresses manually and get access. You need a control in the router or access point that DROPs every connection that is not authorized.
DHCP gives leases and a time to renew, and the device won’t renew after this time expires, so it’s complicated to do what you want, and I don’t know of any protocol to “complete” a network configuration. And I repeat, this approach is completely insecure; it is the same as nothing. Users are very “creative”.
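
The point of the last reply, that access has to be enforced by the router and not by what the DHCP lease contains, sketched as an added example (not code from this thread or from pfSense). The `Gate` class, the portal address, the session length and the sample packets are all constructed assumptions.

```python
import time
from dataclasses import dataclass, field

PORTAL_IP = "192.0.2.1"      # constructed: address of the portal/gateway box
SESSION_SECONDS = 3600       # assumed session lifetime

@dataclass
class Packet:
    src_mac: str
    dst_ip: str
    dst_port: int

@dataclass
class Gate:
    """Forwarding decision made on the router, not on the client."""
    sessions: dict = field(default_factory=dict)   # mac -> expiry timestamp

    def authorise(self, mac, now=None):
        # Called by the portal web app after the e-mail check succeeds.
        now = time.time() if now is None else now
        self.sessions[mac.lower()] = now + SESSION_SECONDS

    def decide(self, pkt, now=None):
        now = time.time() if now is None else now
        mac = pkt.src_mac.lower()
        expiry = self.sessions.get(mac)
        if expiry is not None and expiry > now:
            return "FORWARD"
        self.sessions.pop(mac, None)  # purge an expired entry
        if pkt.dst_ip == PORTAL_IP and pkt.dst_port in (53, 80, 443):
            return "FORWARD"          # portal page and DNS stay reachable
        if pkt.dst_port == 80:
            return "REDIRECT"         # plain HTTP is sent to the portal
        return "DROP"                 # everything else is denied by default

def dhcp_only_decide(pkt):
    # The "no gateway in the DHCP lease" idea: the router itself has no rule,
    # so it forwards whatever arrives, however the client was configured.
    return "FORWARD"
```

The web app only ever calls `authorise`; the allow/deny decision stays in the forwarding path, which is the role pfSense's Captive Portal plays in the replies above.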