Auto redirect to login page

Okay this is probably going to be a really complicated question, but maybe someone can give me an idea on how this works.

I travel as part of my job.  When I stay at a hotel and try to open a browser to surf, I get redirected to the hotels portal rather than my home page.  Typically, there is an authentication process, but not always.  How is the redirect accomplished?

The reason I am asking is that we are working on a mobile application that will reside on an unsecure wireless network.  We can either enable security on the router (really big headache because this wireless router will be sitting on a customer network and would then require a VPN to cross networks) or run open with a redirect to our webpage to authenticate and open access to the internet.  Our application is web based and the mobile app is really nothing more that some forms that submit the data to our web site.  Our customer wouldn't be willing to spend the resource hours to set up the VPN access at all locations across the US, so we thought running an unsecure wireless connection that required some sort of portal security might be a better solutions.  
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Check out the following page on Forms Authentication in ASP.NET 2.0:

Look at the section titled 'Forms Authentication Control Flow'

It does a good job at describing the sequence of events much better than I could, granted i'm not an expert in this realm.

This process is called "Catch and Release", and the functionality is required in the wireless AP in order to accomplish it.  A device that does this is called a "captive portal"   It goes like this (it can vary, but this is the gist).

The customer connects to the unsecure AP and are given an IP address and DNS addresses as normal.  They then go to their browser and type in for example "".  This is resolved to the correct address for google, and the web browser attempts to download the main page at  The AP steps in at this point and instead of the google page, they are given a page that redirects to an authentication page stored on the AP (or some other device in the network).

The user is required to authenticate, and once they do, they are redirected back to and can surf as normal for the rest of their session.

Here is a bit more info:

There are any number of ways you can achieve this.  The cheapest end of the scale (and this does not equate to the worst) is to use an AP that can be flashed with the third party firmware DD-WRT.  This provides a few ways to do catch and release.  Linksys APs are often compatible.

Zyxel do a ready to go coffee shop style AP:

Their VSG 1200 is for larger scale solutions.

In your searching, look for "hotel hotspot" or "coffee shop hotspot" and variants to get research what you need.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sfletcher1959VPAuthor Commented:
Wow!  Exactly what I was looking for.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.