I am looking into captive portals for my organization. I see a lot of them out there that will allow a user to pass once they a) enter credentials or b) pay money. What I'm looking for is a bit different. Let me go into some basics about my system: I am running a Windows-based network using Active Directory and an internal DNS. I have an intranet which our employees use daily, and it uses the person's Windows credentials to authenticate them on the system.
The employees have to enter time daily, and if they don't then I would like to have a captive portal redirect them to their time entry page and not let them out into the vast internet world until their time is entered.
I am a developer so I can write a script that returns a True or False to the system, but what I need is a system that can interact with AD logons and that can run this script once a user requests access outside our network.
EDIT: I accepted an answer as the answer to my question; however, after looking into the coding for the sockets-based method, I do not have the time.
As a workaround, I have found that my firewall has a customizable disclaimer page that allows JavaScript. I will query a web service to see if time is entered, then trigger the disclaimer page's "Allow" function; otherwise I will redirect to the time entry page. Seems like a simple enough solution; the only issue is if the person keeps their browser session open overnight.
Well nowadays I only really code in .NET, some of the OSS may have better ideas.
I can't see any way of doing this without using a proxy, preferably a transparent proxy server on the gateway. There must be people who have written such things. Of course every commercial Wi-Fi hotspot has one, but you presumably want one that runs on a server, not a device.
I have no real idea about this but it is something I have thought about in the past.
You may be able to find a router/firewall box that has the feature. Microsoft IAS may have a plug-in that does this (it is unlikely to be cheap). A brief look on Google did not turn up much in the way of other software that does this.
Wingate - Might do it, I couldn't figure it out
Otherwise you could code a transparent proxy application (which means, unless you write embedded code, you'll need to use the app server as the default gateway), or just an ordinary proxy if you can lock down users' browser proxy settings. I guess coding this is possibly not an easy option! But it is possible. You could even use IIS and ASP.NET.
iisproxy is a proxy implemented as an IIS ISAPI filter with source code. I suspect this is in C or C++.
On Codeplex is a reverse proxy code sample. You could change it and extend it to a full proxy.
You might be able to do the whole thing with sockets and get out of the application layer altogether. This might make life simpler, so I expect there is a reason it can't be done like this! Have the sockets-based proxy redirect the non-compliant users to the time recording app; when they have filled in their time sheet, just pass all the data between the sockets transparently.
I'd be interested in what you or anyone comes up with because I've always wanted an AUP to appear with a continue box once a day to users in our office. Better still it could list how much time the user spent yesterday on Facebook etc. if the proxy collected that info. Just enough to alter people's behaviour I think. In fact there are loads of useful things that can be done with an easy to alter or extensible HTTP proxy.
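The gating decision of the sockets-based proxy described in the answer above, as an added example that is not part of the original question or answer. It goes slightly beyond the text by covering HTTPS `CONNECT` requests and by expiring the "time entered" result each calendar day, which addresses the overnight-session issue from the question's edit. The hostnames, the `check_time_entered` callback and the assumption that `user` comes from the proxy's own AD authentication are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical names: replace with the real time-entry host and URL.
TIME_ENTRY_URL = "http://intranet.example.internal/timesheet"
ALLOWED_HOSTS = {"intranet.example.internal"}  # always reachable, avoids redirect loops

class ComplianceCache:
    """Remembers a passed check only for the calendar day it was made on."""
    def __init__(self, check_time_entered):
        self._check = check_time_entered   # assumed callable(user, date) -> bool
        self._ok = {}                      # user -> date the check last passed

    def is_compliant(self, user, today):
        if self._ok.get(user) != today and self._check(user, today):
            self._ok[user] = today
        return self._ok.get(user) == today

def _strip_port(hostport):
    host, sep, port = hostport.rpartition(":")
    return (host if sep and port.isdigit() else hostport).lower()

def target_host(request):
    """Return (method, host) from the head of an HTTP/1.x request."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    if method == "CONNECT":                # CONNECT host:port
        return method, _strip_port(target)
    if "://" in target:                    # absolute-form wins over the Host header
        return method, (urlsplit(target).hostname or "").lower()
    for line in lines[1:]:                 # origin-form (transparent interception)
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return method, _strip_port(value.strip())
    raise ValueError("no Host header")

def gate(request, user, today, cache):
    """Return None to relay the request, or the bytes to send back instead."""
    method, host = target_host(request)
    if host in ALLOWED_HOSTS or cache.is_compliant(user, today):
        return None
    if method == "CONNECT":
        # A redirect cannot be injected into a TLS tunnel, so refuse the tunnel.
        return b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"
    return (f"HTTP/1.1 302 Found\r\nLocation: {TIME_ENTRY_URL}\r\n"
            "Cache-Control: no-store\r\nContent-Length: 0\r\nConnection: close\r\n\r\n").encode()
```

The proxy's accept loop would call `gate()` on the first request of each connection and relay bytes between the two sockets only when it returns `None`.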