CN104837134B - A kind of web authentication user login method, equipment and system - Google Patents
A kind of web authentication user login method, equipment and system Download PDFInfo
- Publication number
- CN104837134B CN104837134B CN201410045084.0A CN201410045084A CN104837134B CN 104837134 B CN104837134 B CN 104837134B CN 201410045084 A CN201410045084 A CN 201410045084A CN 104837134 B CN104837134 B CN 104837134B
- Authority
- CN
- China
- Prior art keywords
- account
- mac address
- address
- status
- login
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
一种Web认证用户登录方法、设备和系统,包括:门户Portal服务器在接收到终端发送的携带本次登录账号、该终端的IP地址和MAC地址信息的登陆请求报文后,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,Portal服务器在确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态均为不在线时,向接入网关发送挑战Challenge请求报文。本发明实施例的方案中,因对终端本次登录时该终端的IP地址状态和MAC地址状态进行核查,在确定为均不在线时,也即满足IP地址和MAC地址仅能一次在线的唯一性限制条件时,才进行Challenge交互流程,使得用户可以成功地进行Web认证。
A method, device and system for web authentication user login, comprising: after receiving a login request message sent by a terminal and carrying the login account, the terminal's IP address and MAC address information, the portal server determines the IP address The IP address status of the IP address and the MAC address status of the MAC address, the Portal server sends a Challenge request message to the access gateway when it is determined that the IP address status of the IP address and the MAC address status of the MAC address are not online. arts. In the solution of the embodiment of the present invention, due to checking the IP address status and the MAC address status of the terminal when the terminal logs in this time, when it is determined that neither is online, that is to say, the IP address and the MAC address can only be online once. The Challenge interaction process is performed only when there are certain restrictions, so that the user can successfully perform web authentication.
Description
技术领域technical field
本发明涉及无线通信技术领域,尤其涉及一种Web认证用户登录方法、设备和系统。The invention relates to the technical field of wireless communication, in particular to a method, device and system for web authentication user login.
背景技术Background technique
基于门户(Portal)协议、超文本传输协议(Hypertext Transfer Protocol,HTTP)重定向的Web认证广泛应用于互联网接入的认证控制。Web认证的典型信令流程如图1所示,包括以下步骤:Web authentication based on portal (Portal) protocol and hypertext transfer protocol (Hypertext Transfer Protocol, HTTP) redirection is widely used in authentication control of Internet access. The typical signaling process of web authentication is shown in Figure 1, including the following steps:
步骤101:终端向接入网关发送HTTP连接请求报文;Step 101: the terminal sends an HTTP connection request message to the access gateway;
步骤102:接入网关判断(一般基于终端的IP地址或MAC地址)终端处于未认证状态,向未认证终端推送HTTP重定向报文;Step 102: the access gateway judges (generally based on the IP address or MAC address of the terminal) that the terminal is in an unauthenticated state, and pushes an HTTP redirect message to the unauthenticated terminal;
一般情况下,HTTP重定向报文中包含构造的统一资源定位符(Union ResourceLocation,URL),下面的URL即为一个实例:http://221.176.1.140:8080/wlan/index.php?wlanuserip=183.241.167.185&wlanacn ame=1201.0010.100.00&ssid=CMCC&NASID=8047202010000460Generally, the HTTP redirect message contains a constructed Uniform Resource Locator (Union ResourceLocation, URL), and the following URL is an example: http://221.176.1.140:8080/wlan/index.php? wlanuserip=183.241.167.185&wlanacname=1201.0010.100.00&ssid=CMCC&NASID=8047202010000460
其中包含了Portal服务器的IP地址(221.176.1.140)发起后续认证流程所需的用户IP地址(wlanuserip=183.241.167.185)等信息。It contains information such as the IP address (221.176.1.140) of the Portal server and the user IP address (wlanuserip=183.241.167.185) required for initiating the subsequent authentication process.
步骤103:终端向Portal服务器发送HTTP连接请求报文;Step 103: the terminal sends an HTTP connection request message to the Portal server;
终端利用上述URL向Portal服务器发送HTTP请求,由于接入网关在HTTP重定向时构造的URL中包含终端的IP地址,因此,步骤103可以实现将此唯一标识信息也即终端的IP地址传递给Portal服务器。The terminal uses the above URL to send an HTTP request to the Portal server. Since the URL constructed by the access gateway during HTTP redirection contains the terminal's IP address, step 103 can realize that the unique identification information, that is, the terminal's IP address, is passed to the Portal server. server.
步骤104:Portal服务器向终端推送统一认证Portal登录页面;Step 104: the Portal server pushes the unified authentication Portal login page to the terminal;
步骤105:终端接收用户输入的账号和密码并向Portal服务器发送登录请求;Step 105: the terminal receives the account number and password input by the user and sends a login request to the Portal server;
步骤106:Portal服务器向Radius服务器查询用户计费信息;Step 106: the Portal server queries the Radius server for user billing information;
步骤107:Radius服务器向Portal服务器返回查询结果;Step 107: the Radius server returns the query result to the Portal server;
步骤108:Portal服务器确定查询结果为成功时,向接入网关发送挑战Challenge报文;Step 108: when the Portal server determines that the query result is successful, it sends a Challenge message to the access gateway;
所述Challenge报文里包含了Portal从URL里提取的用户IP地址(wlanuserip)。The Challenge message includes the user IP address (wlanuserip) extracted from the URL by the Portal.
步骤109:接入网关将分配的Challenge发送给Portal服务器;Step 109: the access gateway sends the assigned Challenge to the Portal server;
步骤110:Portal服务器利用接收的Challenge对用户名密码进行加密,并将账号密码等信息发送至接入网关;Step 110: the Portal server encrypts the username and password with the received Challenge, and sends information such as the account password to the access gateway;
步骤111:接入网关将收到的认证数据转发至远程用户拨号认证系统(RemoteAuthentication Dial In User Service,Radius)服务器进行校验;Step 111: the access gateway forwards the received authentication data to the Remote Authentication Dial In User Service (Radius) server for verification;
步骤112:接入网关接收Radius服务器反馈的认证结果;Step 112: the access gateway receives the authentication result fed back by the Radius server;
在此步骤112中,接入网关在认证上线流程中收到Radius服务器回复的认证通过报文后将此IP地址配置为通过认证状态。In this step 112 , the access gateway configures the IP address to pass the authentication state after receiving the authentication passing message replied by the Radius server during the online authentication process.
步骤113:接入网关将Radius服务器反馈的认证结果转发至Portal服务器;Step 113: the access gateway forwards the authentication result fed back by the Radius server to the Portal server;
步骤114:Portal服务器向终端推送登录成功页面。Step 114: the Portal server pushes a login success page to the terminal.
步骤115:Portal服务器向接入网关发送认证成功。Step 115: the Portal server sends an authentication success message to the access gateway.
在正常情况下,终端能顺利地进行上述流程,成功地通过Web认证,然而,上述Web认证流程对终端的异常登录行为无法进行判断,并最终导致登录失败。Under normal circumstances, the terminal can go through the above process smoothly and successfully pass the web authentication. However, the above web authentication process cannot judge the abnormal login behavior of the terminal, and eventually lead to login failure.
下面通过由终端发起多次上线流程这一异常登录行为导致上线流程失败的案例对登录失败进行说明:The following describes the login failure through the case where the abnormal login behavior caused by the terminal to initiate multiple online processes leads to the failure of the online process:
如图2所示,当上线过程中Portal服务器发送给接入网关的挑战请求(req_challenge)报文中的userip(用户IP地址)在AC处是已经认证过、处于在线状态的IP地址,接入网关就会拒绝Portal服务器的Challenge交互申请,导致用户上线失败。As shown in Figure 2, when the userip (user IP address) in the challenge request (req_challenge) message sent by the Portal server to the access gateway during the online process is an authenticated and online IP address at the AC, the access The gateway will reject the challenge interaction application of the Portal server, resulting in the failure of the user to go online.
实际报文交互过程:用户第一次上线流程(21)正常执行,但随后用户发起第二次上线(22)(如点击上线后,用户在手机操作界面点击了“返回键”回退至Portal登录页面并再次发起了认证流程),第二次流程接入网关拒绝了challenge交互请求导致用户上线失败。Actual message interaction process: the user goes online for the first time (21) normally, but then the user initiates the second online (22) (for example, after clicking Go Online, the user clicks the "Back button" on the mobile phone interface to go back to Portal login page and initiate the authentication process again), the second process access gateway rejected the challenge interaction request and the user failed to go online.
当用户发起多次上线,如登录后基于浏览器返回Portal登录页面并再次发起登录流程、用户打开保存的Portal登录页面并发起登录流程等,在这种情况下当Portal服务器发送请求挑战challenge报文时,接入网关将返回分配challenge错误的报文,错误类型包括终端处于认证过程中、终端处于已上线状态等,导致用户的上线流程无法正常流转、登录失败,导致用户使用网络的感知不佳。When the user initiates multiple logins, such as returning to the Portal login page based on the browser and initiating the login process again after login, or opening the saved Portal login page and initiating the login process, etc., in this case, when the Portal server sends a challenge message , the access gateway will return a packet that assigns a challenge error. The error types include the terminal being in the process of authentication, the terminal being in the online state, etc., resulting in the failure of the user's online process and login failure, resulting in poor perception of the user's use of the network. .
发明内容Contents of the invention
本发明实施例提供一种Web认证用户登录方法、设备和系统,以解决现有技术中WEB认证过程对用户的异常登录行为无法进行判断,并最终导致登录失败的问题。Embodiments of the present invention provide a web authentication user login method, device and system to solve the problem in the prior art that the WEB authentication process cannot judge the user's abnormal login behavior and eventually lead to login failure.
一种Web认证用户登录方法,所述方法包括:A method for web authentication user login, said method comprising:
Portal服务器在接收到终端发送的携带本次登录账号、该终端的IP地址和该终端的MAC地址信息的登陆请求报文后,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,所述IP地址状态和MAC地址状态均包括:不在线、在线和认证过程中;The Portal server determines the IP address state of the IP address and the MAC address of the MAC address after receiving the login request message sent by the terminal and carrying the login account, the terminal's IP address, and the terminal's MAC address information. Status, the IP address status and the MAC address status both include: offline, online and authentication process;
Portal服务器在确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态均为不在线时,向接入网关发送挑战Challenge请求报文。When the Portal server determines that both the IP address status of the IP address and the MAC address status of the MAC address are offline, the Portal server sends a Challenge request message to the access gateway.
一种Portal服务器,所述Portal服务器包括:A kind of Portal server, described Portal server comprises:
接收单元,用于接收终端发送的携带本次登录账号、该终端的IP地址和该终端的MAC地址信息的登陆请求报文;The receiving unit is used to receive the login request message sent by the terminal and carry the login account, the terminal's IP address and the terminal's MAC address information;
确定单元,用于确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,所述IP地址状态和MAC地址状态均包括:不在线、在线和认证过程中;A determining unit, configured to determine the IP address status of the IP address and the MAC address status of the MAC address, where both the IP address status and the MAC address status include: offline, online, and in the process of authentication;
发送单元,用于在确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态均为不在线时,向接入网关发送Challenge请求报文。A sending unit, configured to send a Challenge request message to the access gateway when it is determined that both the IP address status of the IP address and the MAC address status of the MAC address are offline.
一种Web认证用户登录系统,所述系统包括:终端、Portal服务器和接入网关;A Web authentication user login system, the system includes: a terminal, a Portal server and an access gateway;
所述终端,用于向Portal服务器发送携带本次登录账号、该终端的IP地址和该终端的MAC地址信息的登陆请求报文;The terminal is configured to send a login request message carrying the login account, the terminal's IP address and the terminal's MAC address information to the Portal server;
所述Portal服务器,用于接收所述登陆请求报文后,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,所述IP地址状态和MAC地址状态均包括:不在线、在线和认证过程中;以及在确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态均为不在线时,向接入网关发送Challenge请求报文;The Portal server is configured to determine the IP address status of the IP address and the MAC address status of the MAC address after receiving the login request message, the IP address status and the MAC address status both include: offline, Online and in the authentication process; and when it is determined that the IP address status of the IP address and the MAC address status of the MAC address are not online, send a Challenge request message to the access gateway;
接入网关,用于接收Portal服务器发送的Challenge请求报文。The access gateway is used to receive the Challenge request message sent by the Portal server.
本发明实施例的方案中,由于对终端本次登录时该终端的IP地址状态和MAC地址状态进行核查,在确定为均不在线时,也即满足IP地址和MAC地址仅能一次在线的唯一性限制条件时,才进行Challenge交互流程,使得用户可以成功地进行Web认证。In the solution of the embodiment of the present invention, due to checking the IP address status and MAC address status of the terminal when the terminal logs in this time, when it is determined that neither is online, that is to say, the IP address and the MAC address can only be online once. The Challenge interaction process is performed only when there are certain restrictions, so that the user can successfully perform web authentication.
附图说明Description of drawings
图1为背景技术中Web认证信令流程示意图;FIG. 1 is a schematic diagram of the signaling process of Web authentication in the background technology;
图2为背景技术中抓取的数据包截图;Fig. 2 is the screenshot of the packet captured in the background technology;
图3为本发明实施例中Web认证用户登录方法流程图之一;Fig. 3 is one of the flow charts of the Web authentication user login method in the embodiment of the present invention;
图4为本发明实施例中Web认证用户登录方法流程图之二;Fig. 4 is the second flow chart of the Web authentication user login method in the embodiment of the present invention;
图5为本发明实施例中Web认证用户登录的信令流程图;Fig. 5 is the signaling flowchart of Web authentication user login in the embodiment of the present invention;
图6为本发明实施例中Portal服务器的结构示意图;Fig. 6 is the structural representation of Portal server in the embodiment of the present invention;
图7为本发明实施例中Web认证用户登录的系统结构示意图。FIG. 7 is a schematic diagram of the system structure of Web authentication user login in the embodiment of the present invention.
具体实施方式Detailed ways
为清楚地说明本发明实施例的方案,下面首先对本发明实施例方案的基本原理进行说明。In order to clearly illustrate the solutions of the embodiments of the present invention, the basic principles of the solutions of the embodiments of the present invention will be firstly described below.
由于Web认证的信令交互过程中有两种标识信息标识用户,分别是IP地址(标识用户在接入网关中的唯一索引)、MAC地址(标识用户的终端)。因此,若要唯一标识一个用户,则此两种标识信息需满足唯一性限制条件,也就是IP、MAC都是有且只能一次在线,一个IP地址不能分配给两个终端用,一个终端不能上线两次,都是只能一次在线。In the signaling interaction process of Web authentication, there are two types of identification information to identify the user, namely IP address (identifying the user's unique index in the access gateway) and MAC address (identifying the user's terminal). Therefore, if a user is to be uniquely identified, the two types of identification information must meet uniqueness constraints, that is, both IP and MAC are available and can only be online at one time, and one IP address cannot be assigned to two terminals, and one terminal cannot You can only go online once if you go online twice.
本发明实施例的方案中,在用户终端发起上线流程之后,Portal服务器发起Challenge交互之前,对上述两种标识信息均做信息检测,并对MAC在线时已在线账号与本次登陆账号的比对信息进行检测,只有两种标识信息均满足唯一性限定条件、解决在线账号冲突后才能执行Challenge交互及后续信令流程。In the solution of the embodiment of the present invention, after the user terminal initiates the online process and before the Portal server initiates the Challenge interaction, information detection is performed on the above two types of identification information, and the online account when the MAC is online is compared with the current login account Information is detected, and the Challenge interaction and subsequent signaling process can only be executed after the two types of identification information meet the uniqueness restriction conditions and the online account conflict is resolved.
通常,异常情况包括以下两种:Usually, abnormal situations include the following two types:
第一种:IP地址在线:最大的可能是portal服务器通过Portal URL获取到的用户IP地址(userip)不是正确的IP地址,这种情况下将用户重定向至WWW.10086.CN(不局限于此网站),使用户终端执行一次HTTP重定向流程,通过正确的Portal URL访问登陆页面即可;The first type: IP address is online: the biggest possibility is that the user IP address (userip) obtained by the portal server through the Portal URL is not the correct IP address. In this case, the user will be redirected to WWW.10086.CN (not limited to This website), so that the user terminal performs an HTTP redirection process, and accesses the login page through the correct Portal URL;
第二种:MAC地址在线:表示此用户终端已处于在线状态,若账号相同则执行下线-上线流程使用户登陆成功,若账号不同,此种情况下需要提示用户此终端已通过账号***完成了认证流程,当前处于认证通过状态,根据用户的选择执行相应账号的登陆流程。The second type: MAC address online: Indicates that the user terminal is already online. If the account is the same, the log-on process will be executed to make the user log in successfully. If the account is different, in this case, the user needs to be prompted that the terminal has passed the account** *Completed the authentication process, currently in the authentication pass state, and executes the login process of the corresponding account according to the user's choice.
下面结合具体实施例详细描述本发明的方案。The solution of the present invention will be described in detail below in conjunction with specific embodiments.
如图3所示,为本发明实施例中的一种Web认证用户登录方法示意图,所述方法具体包括以下步骤:As shown in Figure 3, it is a schematic diagram of a method for logging in a Web authentication user in an embodiment of the present invention, and the method specifically includes the following steps:
步骤301:Portal服务器接收终端发送的携带本次登录账号、该终端的IP地址和该终端的MAC地址信息的登陆请求报文,并执行步骤302;Step 301: The Portal server receives the login request message carrying the login account, the terminal's IP address and the terminal's MAC address information sent by the terminal, and executes step 302;
步骤302:Portal服务器确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,所述IP地址状态和MAC地址状态均包括:不在线、在线和认证过程中;Step 302: the Portal server determines the IP address status of the IP address and the MAC address status of the MAC address, and the IP address status and the MAC address status both include: offline, online and authentication process;
在Portal服务器在确定所述IP地址的IP地址状态为认证过程中或所述MAC地址的MAC地址状态为认证过程中时,执行步骤303;When the Portal server determines that the IP address state of the IP address is in the authentication process or the MAC address state of the MAC address is in the authentication process, step 303 is performed;
在Portal服务器在确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态均为不在线时,执行步骤304;When the Portal server determines that the IP address status of the IP address and the MAC address status of the MAC address are not online, step 304 is performed;
Portal服务器在确定IP地址状态为在线时,执行步骤305;When the Portal server determines that the IP address status is online, step 305 is performed;
Portal服务器在确定MAC地址状态为在线时,执行步骤306;When the Portal server determines that the MAC address status is online, step 306 is performed;
步骤303:结束。Step 303: end.
需要说明的是,在确定所述IP地址的IP地址状态为认证过程中或所述MAC地址的MAC地址状态为认证过程中时,说明是因所述终端的浏览器出现问题或者网络出现拥塞导致用户无法登陆,此时不进行任何操作。It should be noted that when it is determined that the status of the IP address of the IP address is in the process of authentication or the status of the MAC address of the MAC address is in the process of authentication, it means that there is a problem with the browser of the terminal or that the network is congested. The user cannot log in, and no operation is performed at this time.
步骤304:向接入网关发送Challenge请求报文。Step 304: Send a Challenge request message to the access gateway.
步骤305:向所述终端推送“请重新输入账号信息”的页面,以及在接收到终端的确定重新输入账号信息时,向终端推送Portal登录页面。Step 305: Push a page of "Please re-enter account information" to the terminal, and push a Portal login page to the terminal when receiving confirmation from the terminal to re-enter the account information.
本步骤305是针对IP地址在线这一情况执行的,出现IP地址在线的原因很大可能是因为用户使用了保存的Portal URL打开了Portal页面,进而使Portal服务器从所述URL中获得的终端的IP地址是错误的IP地址,此时,采取将终端重定向至Portal页面,进而可获得正确的IP地址。This step 305 is carried out aiming at the situation that the IP address is online, the reason that the IP address is online is likely to be that the user uses the saved Portal URL to open the Portal page, and then the Portal server obtains the terminal information from the URL. The IP address is wrong. In this case, redirect the terminal to the Portal page to obtain the correct IP address.
步骤306:Portal服务器判断与该MAC地址对应的账号与所述本次登录账号是否相同;在相同时,执行步骤307;在不相同时,执行步骤308。Step 306: The Portal server judges whether the account corresponding to the MAC address is the same as the current login account; if they are the same, execute step 307; if not, execute step 308.
步骤307:向接入网关发送指示,指示接入网关向Radius服务器发送停止计费请求报文,并执行步骤309;Step 307: Send an instruction to the access gateway, instruct the access gateway to send a stop charging request message to the Radius server, and perform step 309;
步骤309:Portal服务器在收到接入网关返回的来自Radius服务器的停止计费响应报文后,向接入网关发送Challenge请求报文。Step 309: After receiving the stop-accounting response message from the Radius server returned by the access gateway, the Portal server sends a Challenge request message to the access gateway.
Portal服务器判断与该MAC地址对应的账号与所述本次登录账号相同,说明该终端已经使用账号进行了登陆,本次是使用同一账号进行重复登陆,因此,执行上述步骤307和步骤309,以达到使已在线账号下线,重新上线该账号的目的。The Portal server judges that the account corresponding to the MAC address is the same as the login account described this time, indicating that the terminal has already used the account to log in, and this time the same account is used to log in repeatedly. Therefore, the above steps 307 and 309 are executed to achieve To achieve the purpose of taking the online account offline and re-opening the account.
Portal服务器判断与该MAC地址对应的账号与所述本次登录账号是否相同,说明该终端已经使用了一个账号(即已在线账号)进行了登陆,本次是使用另一账号(即本次登录账号)进行登陆,由于同一终端不能同时登陆两个账号,因此,执行下述步骤308和步骤401和步骤402,以达到使该已在线账号下线后再重新启动该已在线账号的上线登录流程的目的;或者执行下述步骤308和步骤501-步骤504,以达到使该已在线账号下线,启动所述本次登录账号的上线登录流程的目的;The Portal server judges whether the account corresponding to the MAC address is the same as the login account described this time, indicating that the terminal has already used an account (that is, an online account) to log in, and this time it is using another account (that is, this login account). account) to log in, because the same terminal cannot log in two accounts at the same time, therefore, perform the following steps 308, 401, and 402 to achieve the online login process of restarting the online account after the online account is offline or perform the following steps 308 and 501 to 504 to achieve the purpose of deactivating the online account and starting the online login process of the current login account;
步骤308:向所述终端推送包含“已在线,账号为所述与该MAC地址对应的账号,请选择已在线账号登录或本次登录账号登录”信息的页面;Step 308: push a page to the terminal containing the information "already online, the account is the account corresponding to the MAC address, please select the online account to log in or the current login account to log in";
Portal服务器在接收到终端发送的本次登录账号登录信息时,执行以下步骤401和步骤402:When the Portal server receives the current login account login information sent by the terminal, it performs the following steps 401 and 402:
步骤401:向Radius服务器发送指示,指示接入网关向Radius服务器发送停止计费请求报文,以停止对所述已在线账号的计费;Step 401: Send an instruction to the Radius server, instructing the access gateway to send a stop charging request message to the Radius server, so as to stop charging the online account;
步骤402:在收到接入网关返回的来自Radius服务器的停止计费响应报文后,向接入网关发送Challenge请求报文;Step 402: After receiving the stop accounting response message from the Radius server returned by the access gateway, send a Challenge request message to the access gateway;
Portal服务器在接收到终端发送的已在线账号登录信息时,执行以下步骤501-步骤504:When the Portal server receives the online account login information sent by the terminal, it performs the following steps 501-step 504:
步骤501:向终端推送Portal登录页面,请用户输入已在线账号的密码;Step 501: Push the Portal login page to the terminal, asking the user to input the password of the online account;
步骤502:接收终端发送的携带已在线账号和已在线账号的密码的登录请求;Step 502: receiving a login request sent by the terminal and carrying the online account and the password of the online account;
步骤503:向接入网关发送下线指示,指示接入网关向Radius服务器发送停止计费请求报文,以停止对所述已在线账号的计费;Step 503: Send an offline instruction to the access gateway, instructing the access gateway to send a stop charging request message to the Radius server to stop charging the online account;
步骤504:在收到接入网关返回的来自Radius服务器的停止计费响应报文后,向接入网关发送Challenge请求报文。Step 504: After receiving the stop-accounting response message from the Radius server returned by the access gateway, send a Challenge request message to the access gateway.
较优的,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态具体包括:Preferably, determining the IP address status of the IP address and the MAC address status of the MAC address specifically includes:
在Portal服务器本地维护了账号、IP地址状态和MAC地址状态之间的对应关系时,Portal服务器利用本地维护的所述对应关系,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态;When the Portal server locally maintains the corresponding relationship between the account number, the IP address status and the MAC address status, the Portal server utilizes the locally maintained corresponding relationship to determine the IP address status of the IP address and the MAC address of the MAC address state;
在Portal服务器本地没有维护账号、IP地址状态和MAC地址状态之间的对应关系时,Portal服务器向远程用户拨号认证系统Radius服务器发送携带所述登陆请求报文中的账号、IP地址和MAC地址的查询用户计费信息请求报文,并根据Radius服务器返回的携带所述IP地址的IP地址状态和所述MAC地址的MAC地址状态信息的查询响应报文,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,所述Radius服务器中维护了账号、IP地址状态和MAC地址状态之间的对应关系。When the Portal server does not locally maintain the corresponding relationship between the account number, the IP address state and the MAC address state, the Portal server sends the account number, the IP address and the MAC address in the login request message to the remote user dial-up authentication system Radius server. Query the user billing information request message, and according to the query response message of the IP address status of the IP address and the MAC address status information of the MAC address returned by the Radius server, determine the IP address status and status of the IP address The MAC address state of the MAC address, the Radius server maintains the corresponding relationship between the account, the IP address state and the MAC address state.
较优的,所述Portal服务器确定与该MAC地址对应的账号与所述本次登录账号是否相同,具体包括:Preferably, the Portal server determines whether the account corresponding to the MAC address is the same as the current login account, specifically including:
在Portal服务器本地维护了账号、IP地址状态和MAC地址状态之间的对应关系时,Portal服务器利用本地维护的所述对应关系,确定该MAC地址对应的账号,并将该MAC地址对应的账号与所述本次登录账号相比较;When the Portal server locally maintained the corresponding relationship between the account number, the IP address status and the MAC address status, the Portal server utilized the locally maintained corresponding relationship to determine the account corresponding to the MAC address, and the account corresponding to the MAC address and Compared with the current login account;
在Portal服务器本地没有维护账号、IP地址状态和MAC地址状态之间的对应关系时,Portal服务器向Radius服务器发送携带所述本次账号、IP地址和MAC地址的查询用户计费信息请求报文,并接收Radius服务器返回的携带所述MAC地址在线、所述MAC地址对应的账号与所述本次登录账号是否相同的查询响应报文,所述Radius服务器中维护了账号、IP地址状态和MAC地址状态之间的对应关系。When the Portal server locally does not maintain the corresponding relationship between the account number, the IP address state and the MAC address state, the Portal server sends to the Radius server the inquiry user charging information request message carrying the account number, the IP address and the MAC address, And receive the inquiry response message that carries described MAC address online that Radius server returns, and the account corresponding to described MAC address is identical with described this login account number, has maintained account number, IP address status and MAC address in the Radius server Correspondence between states.
由于现有的Radius服务器中存储了账号、IP地址状态和MAC地址状态之间的对应关系信息,因此,本发明实施例在Portal服务器本地没有存储所述对应关系信息时,本发明实施例中Radius服务器在返回查询响应报文时,巧妙地将MAC地址状态、IP地址状态、以及本次登录账号与MAC地址已在线(如果有)是否相同携带在该查询响应报文中,既把这些信息传递给了Portal服务器,又不影响现有的查询用户计费信息报文的交互,也不用使用额外的请求报文来获取这些信息。Since the existing Radius server stores the corresponding relationship information between account number, IP address status and MAC address status, therefore, when the Portal server does not locally store the corresponding relationship information in the embodiment of the present invention, the Radius in the embodiment of the present invention When the server returns the query response message, it cleverly carries the MAC address status, IP address status, and whether the login account and the MAC address are online (if any) are the same in the query response message. It is given to the Portal server, without affecting the interaction of the existing query user billing information messages, and without using additional request messages to obtain these information.
图4所示的Web认证用户登录方法与上述图3中的流程本质相同,是较为简化的一个流程图,能简明清楚地说明本发明实施例的方案,包括以下步骤:The Web authentication user login method shown in Figure 4 is essentially the same as the process in Figure 3 above, and is a relatively simplified flow chart that can clearly and concisely illustrate the solution of the embodiment of the present invention, including the following steps:
步骤601:Portal服务器判断IP地址状态是否为认证过程中或者MAC地址状态为认证过程中;若是,则结束;否则,执行步骤602;Step 601: the Portal server judges whether the IP address status is in the authentication process or the MAC address status is in the authentication process; if so, then end; otherwise, execute step 602;
步骤602:Portal服务器判断IP地址状态是否为在线,若判断结果为否,则执行步骤603;若判断结果为是,则执行步骤605;Step 602: the Portal server judges whether the IP address status is online, if the judgment result is no, then execute step 603; if the judgment result is yes, then execute step 605;
步骤603:Portal服务器判断MAC地址状态是否为在线,若判断结果为否,则执行步骤604;若判断结果为是,则执行步骤607;Step 603: the Portal server judges whether the MAC address status is online, if the judgment result is no, then execute step 604; if the judgment result is yes, then execute step 607;
步骤604:Portal服务器启动上线流程;Step 604: the Portal server starts the online process;
步骤605:Portal服务器推送“请重新输入账号信息”,将终端重定向至www.10086.CN,并执行步骤606;Step 605: The Portal server pushes "Please re-enter account information", redirects the terminal to www.10086.CN, and executes Step 606;
步骤606:终端重定向至Portal登录页面;Step 606: the terminal is redirected to the Portal login page;
步骤607:Portal服务器判断新账号(也即本次登录账号)与已在线账号是否相同;若判断结果为是,则执行步骤608;若判断结果为否,则执行步骤610;Step 607: the Portal server judges whether the new account number (that is, the login account number) is the same as the online account number; if the judgment result is yes, then execute step 608; if the judgment result is no, then execute step 610;
步骤608:Portal服务器执行已在线账号下线操作,并执行步骤609;Step 608: the Portal server executes the offline operation of the online account, and executes step 609;
步骤609:Portal服务器启动新账号上线操作;Step 609: the Portal server starts the online operation of the new account;
步骤610:Portal服务器推送“已在线,账号****,请选择用新账号登录/用已在线账号登录”,并执行步骤611;Step 610: The Portal server pushes "Already online, account ****, please choose to log in with a new account/login with an already online account", and execute step 611;
步骤611:终端进行选择;若选择新账号登录,则执行步骤612;若选择用已在线账号登录,则执行步骤614;Step 611: The terminal makes a selection; if a new account is selected to log in, then step 612 is executed; if an online account is selected to log in, then step 614 is executed;
步骤612:Portal服务器执行已在线账号下线操作;并执行步骤613;Step 612: the Portal server executes the offline operation of the online account; and executes step 613;
步骤613:Portal服务器执行启动新账号的上线流程;Step 613: the Portal server executes the online process of starting a new account;
步骤614:Portal服务器向终端推送请输入已在线账号的密码;并在接收到终端的携带已在线账号密码的登录请求后执行步骤615;Step 614: The Portal server pushes to the terminal, please enter the password of the online account; and after receiving the terminal's login request carrying the password of the online account, execute step 615;
步骤615:Portal服务器执行已在线账号下线操作和已在线账号上线流程。Step 615: the Portal server executes the online account offline operation and the online account online process.
图5所示是本发明实施例的Web信令交互流程图;Portal服务器从Radius服务器获取MAC地址状态、IP地址状态、以及本次登录账号与MAC地址已在线(如果有)是否相同信息;具体包括以下步骤:What Fig. 5 shows is the interactive flowchart of Web signaling of the embodiment of the present invention; Portal server obtains MAC address state, IP address state and this login account number and MAC address online (if any) from Radius server whether identical information; Specifically Include the following steps:
步骤701至步骤705与背景技术中的步骤101至步骤105相同,这里不再赘述;Step 701 to step 705 are the same as step 101 to step 105 in the background technology, and will not be repeated here;
步骤706:Portal服务器向Radius服务器发送查询用户计费信息;Step 706: the Portal server sends an inquiry user billing information to the Radius server;
步骤707:Radius服务器向Portal服务器返回查询结果,该查询结果中包含该终端的MAC地址状态、该终端的IP地址状态、以及本次登录账号与所述MAC地址已在线(如果有)是否相同信息;Step 707: The Radius server returns the query result to the Portal server, which includes the MAC address status of the terminal, the IP address status of the terminal, and whether the login account and the MAC address are already online (if any) are the same information ;
步骤708:此后Portal服务器根据查询结果进行不同的信令交互;具体包括以下4种信令交互:Step 708: Thereafter, the Portal server performs different signaling interactions according to the query results; specifically, the following 4 signaling interactions are included:
1)IP地址在线时:1) When the IP address is online:
Portal服务器向终端推送“请重新输入账号信息”;The Portal server pushes "Please re-enter account information" to the terminal;
终端向Portal服务器发送“确定”;The terminal sends "OK" to the Portal server;
Portal服务器将终端重定向至www.10086.cn;The Portal server redirects the terminal to www.10086.cn;
终端被重定向至Portal登录页面,重新流转上线流程;The terminal is redirected to the Portal login page, and the online process is re-flowed;
2)MAC地址在线,账号相同时:2) When the MAC address is online and the accounts are the same:
Portal服务器向接入网关发送下线指示,向接入网关将IP地址状态改变为下线;The Portal server sends an offline instruction to the access gateway, and changes the status of the IP address to the access gateway to be offline;
接入网关向Radius服务器发送停止计费报文;The access gateway sends a stop accounting message to the Radius server;
下线完毕后向接入网关发送Challenge请求报文;Send a Challenge request message to the access gateway after going offline;
3)MAC地址在线,账号不相同时:3) When the MAC address is online and the accounts are different:
Portal服务器向终端推送“已在线,账号****,请选择本次登录账号登录/已在线账号登录”;The Portal server pushes to the terminal "Already online, account ****, please select this login account to log in/log in with an online account";
终端向Portal服务器发送选择结果;The terminal sends the selection result to the Portal server;
3.1)在选择结果为已在线账号登录时:3.1) When the selection result is an online account login:
Portal服务器向终端推送页面请输入已在线帐号的密码;The Portal server pushes the page to the terminal, please enter the password of the online account;
终端接收用户输入的密码,向Portal服务器发送请求登录;The terminal receives the password entered by the user and sends a login request to the Portal server;
Portal服务器向接入网关发送下线指示,接入网关将IP地址状态改变为下线;The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address status to offline;
接入网关向Radius服务器发送停止计费报文;The access gateway sends a stop accounting message to the Radius server;
下线完毕后向接入网关发送Challenge请求报文;Send a Challenge request message to the access gateway after going offline;
3.2)在选择结果为本次登录账号登录时:3.2) When the selection result is this login account login:
Portal服务器向接入网关发送下线指示,接入网关将IP地址状态改变为下线;The Portal server sends an offline instruction to the access gateway, and the access gateway changes the IP address status to offline;
接入网关向Radius服务器发送停止计费报文;The access gateway sends a stop accounting message to the Radius server;
下线完毕后向接入网关发送Challenge请求报文;Send a Challenge request message to the access gateway after going offline;
4)MAC地址和IP地址均不在线4) MAC address and IP address are not online
向接入网关发送Challenge请求报文;Send a Challenge request message to the access gateway;
步骤709-步骤715与背景技术中的步骤109-步骤115相同,这里不再赘述。Step 709 to step 715 are the same as step 109 to step 115 in the background art, and will not be repeated here.
本发明实施例还提出一种Portal服务器,其结构示意图如图6所示,包括:接收单元61、确定单元62和发送单元63,其中:The embodiment of the present invention also proposes a Portal server, the structural diagram of which is shown in Figure 6, including: a receiving unit 61, a determining unit 62, and a sending unit 63, wherein:
接收单元61,用于接收终端发送的携带本次登录账号、该终端的IP地址和该终端的MAC地址信息的登陆请求报文;The receiving unit 61 is configured to receive a login request message sent by the terminal and carrying the current login account, the terminal's IP address and the terminal's MAC address information;
确定单元62,用于确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,所述IP地址状态和MAC地址状态均包括:不在线、在线和认证过程中;The determination unit 62 is configured to determine the IP address state of the IP address and the MAC address state of the MAC address, and the IP address state and the MAC address state both include: offline, online, and in the authentication process;
发送单元63,用于在确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态均为不在线时,向接入网关发送挑战Challenge请求报文。The sending unit 63 is configured to send a challenge request message to the access gateway when it is determined that both the IP address status of the IP address and the MAC address status of the MAC address are offline.
较优的,所述确定单元62,具体用于在本地维护了账号、IP地址状态和MAC地址状态之间的对应关系时,利用本地维护的所述对应关系,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态;在本地没有维护账号、IP地址状态和MAC地址状态之间的对应关系时,向远程用户拨号认证系统Radius服务器发送携带所述登陆请求报文中的账号、IP地址和MAC地址的查询用户计费信息请求报文,并根据Radius服务器返回的携带所述IP地址的IP地址状态和所述MAC地址的MAC地址状态信息的查询响应报文,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,所述Radius服务器中维护了账号、IP地址状态和MAC地址状态之间的对应关系。Preferably, the determining unit 62 is specifically configured to determine the IP address of the IP address by using the locally maintained corresponding relationship when the corresponding relationship between the account, the IP address status and the MAC address status is maintained locally. state and the MAC address state of the MAC address; when there is no corresponding relationship between the maintenance account, IP address state and MAC address state locally, send the account number in the login request message to the remote user dial-up authentication system Radius server , IP address and MAC address query user billing information request message, and according to the query response message carrying the IP address status of the IP address and the MAC address status information of the MAC address returned by the Radius server, determine the The IP address state of the IP address and the MAC address state of the MAC address, the corresponding relationship between the account number, the IP address state and the MAC address state is maintained in the Radius server.
较优的,所述发送单元63,还用于在确定单元确定IP地址状态为在线时,向所述终端推送“请重新输入账号信息”的页面;Preferably, the sending unit 63 is further configured to push a page of "Please re-enter account information" to the terminal when the determining unit determines that the IP address status is online;
接收单元61,还用于接收终端的确定重新输入账号信息;The receiving unit 61 is also used to receive the determination of the terminal to re-input the account information;
所述Portal服务器还包括:Described Portal server also includes:
重定向单元64,用于在接收到终端的确定重新输入账号信息时,将终端重定向至Portal登录页面。The redirection unit 64 is configured to redirect the terminal to the Portal login page when receiving a confirmation from the terminal to re-enter the account information.
较优的,所述确定单元62,还用于在确定MAC地址状态为在线时,确定与该MAC地址对应的账号与所述本次登录账号是否相同;Preferably, the determining unit 62 is further configured to determine whether the account corresponding to the MAC address is the same as the current login account when determining that the status of the MAC address is online;
所述发送单元63,还用于在确定单元确定与该MAC地址对应的账号与所述本次登录账号相同时,向接入网关发送指示,指示接入网关向Radius服务器发送停止计费请求报文;以及在接收单元收到接入网关返回的来自Radius服务器的停止计费响应报文后,向接入网关发送挑战Challenge请求报文;The sending unit 63 is also configured to send an instruction to the access gateway when the determining unit determines that the account corresponding to the MAC address is the same as the login account, indicating that the access gateway sends a stop charging request report to the Radius server. text; and after the receiving unit receives the stop accounting response message from the Radius server returned by the access gateway, it sends a Challenge request message to the access gateway;
所述接收单元61,还用于接收接入网关返回的来自Radius服务器的停止计费响应报文。The receiving unit 61 is further configured to receive a stop-accounting response message from the Radius server returned by the access gateway.
较优的,所述发送单元63,还用于在确定与该MAC地址对应的账号与所述本次登录账号不相同时,向所述终端推送包含“已在线,已在线账号为所述与该MAC地址对应的账号,请选择已在线账号登录或所述本次登录账号登录”信息的页面;Preferably, the sending unit 63 is further configured to, when it is determined that the account corresponding to the MAC address is not the same as the current login account, push to the terminal a message containing "already online, the online account is the For the account corresponding to the MAC address, please select the page where you have already logged in with an online account or the "login with this login account" information;
所述接收单元61,还用于接收终端发送的已在线账号登录信息和本次账号登录信息,以及接收终端发送的携带已在线账号和已在线账号的密码的登录请求;The receiving unit 61 is also used to receive the online account login information and current account login information sent by the terminal, and receive the login request carrying the online account and the password of the online account sent by the terminal;
所述发送单元63,还用于在接收到终端发送的本次登录账号登录的信息或者在接收到终端发送的携带已在线账号和已在线账号的密码的登录请求时,向接入网关发送指示,指示接入网关向Radius服务器发送停止计费请求报文;在接收到终端发送的已在线账号登录的信息时,向终端推送Portal登录页面,请用户输入已在线账号的密码,以及在接收单元接收到终端发送的携带已在线账号和已在线账号的密码的登录请求时,向接入网关发送指示,指示接入网关向Radius服务器发送停止计费请求报文。The sending unit 63 is further configured to send an instruction to the access gateway when receiving information about the current login account login sent by the terminal or receiving a login request that carries an online account and a password of the online account sent by the terminal , instructing the access gateway to send a stop-accounting request message to the Radius server; when receiving the online account login information sent by the terminal, push the Portal login page to the terminal, asking the user to enter the password of the online account, and in the receiving unit When receiving the login request carrying the online account and the password of the online account sent by the terminal, an instruction is sent to the access gateway, instructing the access gateway to send a stop charging request message to the Radius server.
较优的,所述确定单元62,具体用于在本地维护了账号、IP地址状态和MAC地址状态之间的对应关系时,利用本地维护的所述对应关系,确定该MAC地址对应的账号,并将该MAC地址对应的账号与所述本次登录账号相比较;在本地没有维护账号、IP地址状态和MAC地址状态之间的对应关系时,向远程用户拨号认证系统Radius服务器发送携带所述本次账号、IP地址和MAC地址的查询用户计费信息请求报文,并接收Radius服务器返回的携带所述MAC地址在线、所述MAC地址对应的账号与所述本次登录账号是否相同的查询响应报文,所述Radius服务器中维护了账号、IP地址状态和MAC地址状态之间的对应关系。Preferably, the determining unit 62 is specifically configured to determine the account corresponding to the MAC address by using the locally maintained corresponding relationship when the corresponding relationship between the account, the IP address status and the MAC address status is maintained locally, And compare the account number corresponding to the MAC address with the login account number this time; when there is no correspondence between the maintenance account number, IP address status and MAC address status locally, send the remote user dial-up authentication system Radius server carrying the This account, IP address and MAC address query user billing information request message, and receive the query that carries the MAC address online and whether the account corresponding to the MAC address is the same as the login account returned by the Radius server In response to the message, the Radius server maintains the corresponding relationship between the account, the IP address status and the MAC address status.
本发明实施例还提出一种Web认证用户登录系统,其结构示意图如图7所示,包括:其特在于,所述系统包括:终端71、Portal服务器72和接入网关73;The embodiment of the present invention also proposes a Web authentication user login system, its structural diagram is shown in Figure 7, including: the system includes: a terminal 71, a Portal server 72 and an access gateway 73;
所述终端71,用于向Portal服务器发送携带本次登录账号、该终端的IP地址和该终端的MAC地址信息的登陆请求报文;The terminal 71 is configured to send a login request message carrying the login account, the terminal's IP address and the terminal's MAC address information to the Portal server;
所述Portal服务器72,用于接收所述登陆请求报文后,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态,所述IP地址状态和MAC地址状态均包括:不在线、在线和认证过程中;以及在确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态均为不在线时,向接入网关发送挑战Challenge请求报文;The Portal server 72 is configured to determine the IP address status of the IP address and the MAC address status of the MAC address after receiving the login request message, the IP address status and the MAC address status both include: not online , online and during the authentication process; and when it is determined that both the IP address status of the IP address and the MAC address status of the MAC address are offline, sending a Challenge request message to the access gateway;
接入网关73,用于接收Portal服务器发送的Challenge请求报文。The access gateway 73 is configured to receive the Challenge request message sent by the Portal server.
较优的,在Portal服务器本地维护了账号、IP地址状态和MAC地址状态之间的对应关系时,所述Portal服务器72,具体用于利用本地维护的所述对应关系,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态;Preferably, when the Portal server locally maintains the corresponding relationship between the account number, the IP address state and the MAC address state, the Portal server 72 is specifically used to determine the IP address by using the locally maintained corresponding relationship. IP address status and the MAC address status of the MAC address;
在Portal服务器本地没有维护账号、IP地址状态和MAC地址状态之间的对应关系时,所述系统还包括:Radius服务器74;When the Portal server locally does not maintain the corresponding relationship between the account number, the IP address state and the MAC address state, the system also includes: a Radius server 74;
所述Portal服务器72,还用于向Radius服务器发送携带所述登陆请求报文中的账号、IP地址和MAC地址的查询用户计费信息请求报文,并根据Radius服务器返回的携带所述IP地址的IP地址状态和所述MAC地址的MAC地址状态信息的查询响应报文,确定所述IP地址的IP地址状态和所述MAC地址的MAC地址状态;Described Portal server 72 is also used for sending to Radius server the inquiry user billing information request message that carries the account number in the login request message, IP address and MAC address, and carries described IP address according to Radius server return A query response message of the IP address status of the IP address and the MAC address status information of the MAC address to determine the IP address status of the IP address and the MAC address status of the MAC address;
所述Radius服务器74,用于接收所述查询用户计费信息请求报文,向Portal服务器返回的携带所述IP地址的IP地址状态和所述MAC地址的MAC地址状态信息的查询响应报文,所述Radius服务器中维护了账号、IP地址状态和MAC地址状态之间的对应关系。The Radius server 74 is configured to receive the query request message for user billing information, and return the query response message carrying the IP address status of the IP address and the MAC address status information of the MAC address to the Portal server, The Radius server maintains the corresponding relationship between account number, IP address status and MAC address status.
较优的,所述Portal服务器72,还用于在确定IP地址状态为在线时,向所述终端推送“请重新输入账号信息”的页面,以及在接收到终端的确定重新输入账号信息时,将终端重定向至Portal登录页面。Preferably, the Portal server 72 is also configured to push a page of "Please re-enter account information" to the terminal when it is determined that the IP address status is online, and when receiving a confirmation from the terminal to re-enter the account information, Redirect the terminal to the Portal login page.
较优的,所述Portal服务器72,还用于在所述MAC地址的MAC地址状态为在线时,确定与该MAC地址对应的账号与所述本次登录账号是否相同;在确定与该MAC地址对应的账号与所述本次登录账号相同时,向接入网关发送指示,指示接入网关向Radius服务器发送停止计费请求报文;在收到接入网关返回的来自Radius服务器的停止计费响应报文后,向接入网关发送挑战Challenge请求报文。Preferably, the Portal server 72 is also used to determine whether the account corresponding to the MAC address is the same as the current login account when the MAC address status of the MAC address is online; When the corresponding account is the same as the login account this time, an instruction is sent to the access gateway, indicating that the access gateway sends a stop billing request message to the Radius server; after receiving the stop billing from the Radius server returned by the access gateway After the response message, send a challenge request message to the access gateway.
较优的,所述Portal服务器72,还用于在确定与该MAC地址对应的账号与所述本次登录账号不相同时,向所述终端推送包含“已在线,已在线账号为所述与该MAC地址对应的账号,请选择已在线账号登录或所述本次登录账号登录”信息的页面;以及在接收到终端发送的本次登录账号登录的信息时,执行以下操作:向接入网关发送指示,指示接入网关向Radius服务器发送停止计费请求报文,以停止对已在线账号的计费;在收到接入网关返回的来自Radius服务器的停止计费响应报文后,向接入网关发送挑战Challenge请求报文;在接收到终端发送的已在线账号登录信息时,执行以下操作:向终端推送Portal登录页面,请用户输入已在线账号的密码;接收终端发送的携带已在线账号和已在线账号的密码的登录请求;向接入网关发送指示,指示接入网关向Radius服务器发送停止计费请求报文;在收到接入网关返回的来自Radius服务器的停止计费响应报文后,向接入网关发送挑战Challenge请求报文。Preferably, the Portal server 72 is further configured to, when it is determined that the account corresponding to the MAC address is not the same as the login account this time, push to the terminal a message containing "already online, the online account is the For the account corresponding to the MAC address, please select the page where you have already logged in with the online account or the "login with the current login account" information; and when receiving the information about the login with the current login account sent by the terminal, perform the following operations: Send an instruction to instruct the access gateway to send a stop accounting request message to the Radius server to stop accounting for the online account; after receiving the stop accounting response message from the Radius server returned by the access gateway, send The ingress gateway sends a challenge request message; when receiving the online account login information sent by the terminal, perform the following operations: push the Portal login page to the terminal, and ask the user to enter the password of the online account; receive the online account information sent by the terminal and the login request of the password of the online account; send an instruction to the access gateway to instruct the access gateway to send a stop accounting request message to the Radius server; after receiving the stop accounting response message from the Radius server returned by the access gateway After that, send a challenge request packet to the access gateway.
较优的,所述Portal服务器72,具体用于在本地维护了账号、IP地址状态和MAC地址状态之间的对应关系时,Portal服务器利用本地维护的所述对应关系,确定该MAC地址对应的账号,并将该MAC地址对应的账号与所述本次登录账号相比较;在本地没有维护账号、IP地址状态和MAC地址状态之间的对应关系时,向远程用户拨号认证系统Radius服务器发送携带所述本次账号、IP地址和MAC地址的查询用户计费信息请求报文,并接收Radius服务器返回的携带所述MAC地址在线、所述MAC地址对应的账号与所述本次登录账号是否相同的查询响应报文,所述Radius服务器中维护了账号、IP地址状态和MAC地址状态之间的对应关系。Preferably, the Portal server 72 is specifically configured to locally maintain the corresponding relationship between the account number, the IP address status and the MAC address status, and the Portal server utilizes the locally maintained corresponding relationship to determine the corresponding MAC address. Account, and the account corresponding to the MAC address is compared with the account number for this login; when there is no correspondence between the maintenance account, IP address status and MAC address status locally, send a packet to the Radius server of the remote user dial-up authentication system. The current account number, IP address and MAC address query user billing information request message, and receive the return of the Radius server carrying the MAC address online, whether the account corresponding to the MAC address is the same as the current login account In the query response message, the Radius server maintains the corresponding relationship between the account number, IP address status and MAC address status.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
尽管已描述了本申请的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例做出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本申请范围的所有变更和修改。While preferred embodiments of the present application have been described, additional changes and modifications to these embodiments can be made by those skilled in the art once the basic inventive concept is appreciated. Therefore, the appended claims are intended to be construed to cover the preferred embodiment and all changes and modifications which fall within the scope of the application.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention also intends to include these modifications and variations.
Claims (18)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410045084.0A CN104837134B (en) | 2014-02-07 | 2014-02-07 | A kind of web authentication user login method, equipment and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410045084.0A CN104837134B (en) | 2014-02-07 | 2014-02-07 | A kind of web authentication user login method, equipment and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104837134A CN104837134A (en) | 2015-08-12 |
| CN104837134B true CN104837134B (en) | 2018-06-26 |
Family
ID=53814712
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410045084.0A Active CN104837134B (en) | 2014-02-07 | 2014-02-07 | A kind of web authentication user login method, equipment and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104837134B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105262639B (en) * | 2015-09-16 | 2019-07-26 | 上海斐讯数据通信技术有限公司 | Detect the method and system of network element presence |
| CN110650448A (en) * | 2019-09-03 | 2020-01-03 | 怀化学院 | A call management system and method for a mobile communication terminal |
| CN111031053B (en) * | 2019-12-17 | 2022-06-21 | 迈普通信技术股份有限公司 | Identity authentication method and device, electronic equipment and readable storage medium |
| CN113992458A (en) * | 2021-10-21 | 2022-01-28 | 中国电信股份有限公司 | Information verification method, device, medium and electronic equipment in dial-up networking process |
| CN114416195B (en) * | 2021-12-24 | 2023-08-18 | 青岛海尔科技有限公司 | A H5 page loading method, device, intelligent terminal and server |
| CN114422217B (en) * | 2021-12-31 | 2025-02-11 | 中国电信股份有限公司 | A dial-up authentication method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101771540A (en) * | 2008-12-29 | 2010-07-07 | 中国移动通信集团公司 | User authentication method, device and system |
| CN102480729A (en) * | 2010-11-22 | 2012-05-30 | 中兴通讯股份有限公司 | Method and access point for preventing counterfeit users in wireless access network |
| WO2013023470A1 (en) * | 2011-08-18 | 2013-02-21 | Hangzhou H3C Technologies Co., Ltd. | Portal authentication method and access controller |
| CN103297967A (en) * | 2012-02-28 | 2013-09-11 | 中国移动通信集团公司 | Method, device and system for user authentication in access of wireless local area network |
-
2014
- 2014-02-07 CN CN201410045084.0A patent/CN104837134B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101771540A (en) * | 2008-12-29 | 2010-07-07 | 中国移动通信集团公司 | User authentication method, device and system |
| CN102480729A (en) * | 2010-11-22 | 2012-05-30 | 中兴通讯股份有限公司 | Method and access point for preventing counterfeit users in wireless access network |
| WO2013023470A1 (en) * | 2011-08-18 | 2013-02-21 | Hangzhou H3C Technologies Co., Ltd. | Portal authentication method and access controller |
| CN103297967A (en) * | 2012-02-28 | 2013-09-11 | 中国移动通信集团公司 | Method, device and system for user authentication in access of wireless local area network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104837134A (en) | 2015-08-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104811462B (en) | A kind of access gateway reorientation method and access gateway | |
| US20220353268A1 (en) | Centralized authentication for granting access to online services | |
| CN104837134B (en) | A kind of web authentication user login method, equipment and system | |
| CN103746812B (en) | A kind of access authentication method and system | |
| US20190124076A1 (en) | Method and system for verifying an account operation | |
| EP3013086B1 (en) | Method, apparatus and electronic device for connection management | |
| US9059958B2 (en) | User registration method, interaction method and related devices | |
| JP5693576B2 (en) | Managing instant messaging sessions | |
| US10693856B2 (en) | Automatic authentication switching in online live chat applications | |
| US10419431B2 (en) | Preventing cross-site request forgery using environment fingerprints of a client device | |
| CN106656952B (en) | Authentication method, device and system for login equipment | |
| CN107086979B (en) | User terminal verification login method and device | |
| CN104580553B (en) | Method and device for identifying network address translation equipment | |
| US20160127369A1 (en) | Method, device and system for user authentication | |
| WO2016049197A1 (en) | Payment verification method, apparatus and system | |
| CN102710659B (en) | Wireless access equipment and automatic authentication method | |
| CN106559405B (en) | Portal authentication method and equipment | |
| CN113341798A (en) | Method, system, device, equipment and storage medium for remotely accessing application | |
| US9742784B2 (en) | Account registration and login method, and network attached storage system using the same | |
| CN104821940A (en) | Method and equipment for sending portal redirected address | |
| CN103874065A (en) | Method and device for judging user position abnormity | |
| WO2012126286A1 (en) | Aaa server status detection method and system | |
| CN102624724B (en) | Security gateway and method for securely logging in server by gateway | |
| KR20130077682A (en) | Recording medium, method and system for log-in confirmation use of smart phone | |
| CN107634969B (en) | Data interaction method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |