tags:

views:

458

answers:

2
+1  Q: 

Logging into a corporate captive portal with a native iPhone app

I am working on a native iPhone app that needs to be able to automatically (in the background) sign into a captive portal on a company's large WiFi network before accessing the net. The captive portal is a simple HTTPS page with username and passsword form that authenticates then allows access to the Internet.

The hope is that the user will enter their password and username into the App once and then the credentials will be reused whenever the App is started next time.

How can I verify that the captive portal being presented by the WiFi connection is actually the company's portal and not a rogue base station? I am worried that an unscrupulous person would be able to masquerade as the portal and steal login credentials.

I thought I might be able to allow the user to confirm and save the certificate for the portal the first time they use the app and check the certificate against the domain name of the portal, will that be enough?

I haven't been able to find any about web authorisation beyond the 401/407 HTTP responses handled by CFHTTPAuthentication, and the portal doesn't send those.

Thanks!

+1  A: 

If you know the domain name of the captive portal, it's enough to compare the domain which you get from the redirect against the one you know (and which might be hardcoded into you app).

You can absolutely rely on https about the identity of the server, if the domain name is right.

Nikolai Ruhe  2009-06-07 06:19:11
Thanks Nikolai. Looks like Apple might be supporting this natively soon? If you look at http://www.apple.com/iphone/iphone-3g-s/more-features.html you can see Automatic Wi-Fi LoginNo need to remember every Wi-Fi password, every time. Log in to a Wi-Fi hotspot and iPhone automatically logs you in the next time you connect.
NiKUMAN  2009-06-09 23:00:13
Since I'm working on a log-me-in app this is really interesting information for me, thanks. Looks like Apple's using MobileSafari's new auto-form-fillout mechanism.
Nikolai Ruhe  2009-06-10 06:54:01
A: 

hi Nikolai,

Would you please suggest me the way to suppress the captive portal when the iPhone app connects to any wifi hotspot for the very first time. I have been trying hard to figure this out but not successful so far.

What I want is the user should use the native app I am developing to enter username and password and should not enter them in the captive portal pop up (probably a web view) which automatically gets popped up. So I need a way not to show this captive portal popup.

Thanks in advance. Any pointers are highly appreciated.

Regards, Hardik

Hardik  2010-05-26 12:12:35

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode