1 Reply
      Latest reply on Apr 13, 2017 1:50 AM by eskimo
      wispaws Level 1 Level 1 (0 points)

        I am successfull using the hotspot helper to provide passwords to hotspots that are protected with WPA2 passwords. However, I need to also be able to deliver automatic authentication for open network protected by a captive portal.

         

        From researching on this forum and other sources I understand that to achieve this I provide the appropriate response to the .evaluate process. However, I believe I have identified conflicting guidance from various sources and wish to confirm.

         

        1) What confidence response should be delivered in reponse to the .Evaluate process, none, low or high to cause transition to the authenticate process?

         

        I would have expected High if this is the network myApp wishes to manage. Low if myApp is just one of many apps that could perform the management or None if it is not a Captive portal connection. Is this correct?

         

        2) The reason I ask is that causing the transition to the .Authenticate process I do not seem to have network access to allow me to process the API calls necessary to perform authentication on the network. Is this because I am passing the wrong response to the .Evaluate or could this be another issue?

         

        3) I have also seen that one possible solution to this would be to bind the (NEHotspotHelperCommand*)cmd from the .Authenticate process to the NSMutableURLRequest making the authentication API calls using [NSMutableURLRequest bindToHotspotHelperCommand:]

         

        e.g. [NSMutableURLRequest bindToHotspotHelperCommand:cmd];

         

        As this still does not seem to be working I believe I must be misunderstanding the process but have been unable to identify my error so welcome recommendations.

         

        Graeme

        • Re: hotspothelper: no network access with captive portal
          eskimo Apple Staff Apple Staff (13,375 points)

          1) What confidence response should be delivered in reponse to the .Evaluate process, none, low or high to cause transition to the authenticate process?

          Anything other than .none.  With reference to the authentication statement machine in the docs (Figure 1-1 of Hotspot Network Subsystem Programming Guide):

          • .high and .low cause the system to follow the Captive arrow

          • .none causes the system to follow the Not Captive arrow

          I would have expected High if this is the network myApp wishes to manage. Low if myApp is just one of many apps that could perform the management or None if it is not a Captive portal connection. Is this correct?

          That’s perfectly reasonable.

          AFAIK the system doesn’t distinguish between .high and .low at this stage, but it’s reasonable for you to apply that interpretation here.

          2) The reason I ask is that causing the transition to the .Authenticate process I do not seem to have network access to allow me to process the API calls necessary to perform authentication on the network. Is this because I am passing the wrong response to the .Evaluate … ?

          No.

          As to what else might be going wrong, I don’t have anything obvious to suggest.

          3) I have also seen that one possible solution to this would be to bind the (NEHotspotHelperCommand*)cmd from the .Authenticateprocess to the NSMutableURLRequest making the authentication API calls using [NSMutableURLRequest bindToHotspotHelperCommand:]

          Yes.  That’s absolutely required if you want to issue HTTP[S] requests to the hotspot gateway itself.

          NSURLSession (and NSURLConnection) will, by default, run the request over the default route.  The Wi-Fi only becomes the default route when the authentication state machine enters the Authenticated state.  If you want to issue a request to the gateway while in the some other state, you have to use bind(to:) so that the request goes over Wi-Fi even though it’s not the default route.

          As to why that’s not working, it’s hard to say based on the info you’ve presented.  Does the request fail?  If so, what’s the error?  If you look at an RVI packet trace (per QA1176 Getting a Packet Trace), do you see a sign of the request?  If so, what interface was it run over?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"