views:

458

answers:

2

I am working on a native iPhone app that needs to be able to automatically (in the background) sign into a captive portal on a company's large WiFi network before accessing the net. The captive portal is a simple HTTPS page with username and passsword form that authenticates then allows access to the Internet.

The hope is that the user will enter their password and username into the App once and then the credentials will be reused whenever the App is started next time.

How can I verify that the captive portal being presented by the WiFi connection is actually the company's portal and not a rogue base station? I am worried that an unscrupulous person would be able to masquerade as the portal and steal login credentials.

I thought I might be able to allow the user to confirm and save the certificate for the portal the first time they use the app and check the certificate against the domain name of the portal, will that be enough?

I haven't been able to find any about web authorisation beyond the 401/407 HTTP responses handled by CFHTTPAuthentication, and the portal doesn't send those.

Thanks!

+1  A: 

If you know the domain name of the captive portal, it's enough to compare the domain which you get from the redirect against the one you know (and which might be hardcoded into you app).

You can absolutely rely on https about the identity of the server, if the domain name is right.

Nikolai Ruhe
Thanks Nikolai. Looks like Apple might be supporting this natively soon? If you look at http://www.apple.com/iphone/iphone-3g-s/more-features.html you can see Automatic Wi-Fi LoginNo need to remember every Wi-Fi password, every time. Log in to a Wi-Fi hotspot and iPhone automatically logs you in the next time you connect.
NiKUMAN
Since I'm working on a log-me-in app this is really interesting information for me, thanks. Looks like Apple's using MobileSafari's new auto-form-fillout mechanism.
Nikolai Ruhe
A: 

hi Nikolai,

Would you please suggest me the way to suppress the captive portal when the iPhone app connects to any wifi hotspot for the very first time. I have been trying hard to figure this out but not successful so far.

What I want is the user should use the native app I am developing to enter username and password and should not enter them in the captive portal pop up (probably a web view) which automatically gets popped up. So I need a way not to show this captive portal popup.

Thanks in advance. Any pointers are highly appreciated.

Regards, Hardik

Hardik