How to create WiFi popup login page

Barry Brown · Sep 1, 2010

When I go to a place with a WiFi hotspot (such as Panera Bread) and connect with my iPhone, the hotspot login page appears as a popup. That is, no matter what app I'm running or what web page I'm on, the login page scrolls up from the bottom, asks for my login credentials, and then disappears.

But at some other hotspots, I don't get the login page until I go to Safari and try to load a web page.

What is the iPhone looking for that causes it to pop up the login page at some hotspots and not others? Is there a special HTML meta tag? Or is it related to the way the redirect is implemented?

Answer

Ivan Vučica · Sep 12, 2010

I managed to find out the correct term for this authentication type: "Captive portal". Punching in Captive Portal iPhone into Google turned out a few technical details from these pages: one, two, three.

To implement a Wi-Fi popup login page:

  1. DNS request for www.apple.com must not fail
  2. HTTP request for http://www.apple.com/library/test/success.html with special user agent CaptiveNetworkSupport/1.0 wispr must not return Success.

I have not tested this, but it sounds about right.


Comments below mention that iOS 7 behaves differently and may query more than one server. I have not tested this. So easiest would be to simply redirect all HTTP communication to your login page, and block all non-HTTP communication.

Microsoft's captive portal detection uses something similar to pre-iOS7 behavior: its Network Connectivity Status Indicator attempts to contact http://www.msftncsi.com. Windows 8 and 8.1 also include support for WISPr.

Android's captive portal detection, as of AOSP 4.0.1, tries to contact http://clients3.google.com/generate_204 or http://www.google.com/blank.html.

So to be as universal as possible, you'll want to simply block all communication except for authentication, and include WISPr support on the login page.

I'd say "go with a proper authentication on your network" -- something universal such as PEAP+MSCHAPv2 -- but Windows makes it very painful for your users to set it up. I don't know who thought that "Use your Windows authentication details" makes a sane default on machines that are not part of a corporate domain network, or even why "Check certificate validity" is a sane default, as most networks will not consider getting a proper certificate a priority.
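The gateway policy described in the answer above (DNS always resolves, unauthenticated HTTP is redirected to the login page, everything else is blocked), sketched as an added example that is not part of the original answer. `LOGIN_URL`, `identify_probe` and `decide` are hypothetical names; the probe list contains only the URLs the answer mentions.

```python
LOGIN_URL = "http://portal.example/login"  # assumed placeholder, not from the page

# Connectivity probes named in the answer: (label, host, path); None = any path.
PROBES = [
    ("iOS pre-7", "www.apple.com", "/library/test/success.html"),
    ("Windows NCSI", "www.msftncsi.com", None),
    ("Android", "clients3.google.com", "/generate_204"),
    ("Android", "www.google.com", "/blank.html"),
]


def identify_probe(host, path, user_agent=""):
    """Return a label if the request is one of the OS probes, else None."""
    host = host.split(":")[0].strip().lower().rstrip(".")
    path = path.split("?")[0]
    for label, p_host, p_path in PROBES:
        if host == p_host and p_path in (None, path):
            return label
    # The iOS probe also announces itself in its User-Agent.
    if "captivenetworksupport" in user_agent.lower():
        return "iOS (by User-Agent)"
    return None


def decide(authenticated, proto, host="", path="/", user_agent=""):
    """Gateway decision for one client flow: returns (action, detail)."""
    if authenticated:
        return ("pass", None)  # probes now reach the real servers
    if proto == "dns":
        return ("pass", None)  # step 1: the DNS request must not fail
    if proto == "http":
        # Any reply other than the one the OS expects marks the network as
        # captive, so a redirect to the login page is sufficient.
        probe = identify_probe(host, path, user_agent)
        return ("redirect", {"status": 302, "location": LOGIN_URL, "probe": probe})
    # HTTPS and everything else: blocked. A TLS connection cannot be
    # redirected without the client seeing a certificate error.
    return ("block", None)


if __name__ == "__main__":
    ua = "CaptiveNetworkSupport/1.0 wispr"
    print(decide(False, "http", "www.apple.com", "/library/test/success.html", ua))
    print(decide(False, "https", "example.org"))
```

Recording the `probe` label per client shows which operating systems detected the portal and which only reached it through a browser request.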