WifiDOG是一個熱點系統，包含了認證伺服器和客戶端兩部分組成，認證原理大體說下：

General Flow Description:
一般流程描述：
①The client does his initial request, as if he was already connected, (e.g.: http://www.google.ca)
客戶端發出初始化請求，比如訪問 www.google.ca 這個站點

②The Gateway's firewall rules mangle the request to redirect it to a local port on the Gateway. When that's the done, the Gateway provides an HTTP Redirect reply that contains the Gateway ID, Gateway FQDN and other informations
閘道器的防火牆規則將這個請求重定向到本地閘道器的埠上。當做完這個工作，閘道器提供一個HTTP重定向回覆，包含了Gateway的ID，Gateway的FQDN以及其他的資訊。

③The Client does his request to the Auth Server as specified by the Gateway, see Login Protocol
使用者向認證伺服器發出認證請求

http://auth_server/login?
gw_id=[GatewayID, default: "default"]
gw_address=[GatewayAddress, internal IP of router]
gw_port=[GatewayPort, port that wifidog Gateway is listening on]
url=[user requested url]
 

④The Gateway replies with a (potentially custom) splash (login) page
閘道器返回一個（可以是自定義的）splash（也稱作“登入”）頁面

⑤The Client provides his identification informations (username and password)
使用者提供他的憑據資訊，比如使用者名稱和密碼

⑥Upon succesful authentication, the client gets an HTTP Redirect to the Gateway's own web server with his authentication proof (a one-time token), 

⑦The Client then connects to the Gateway and thus gives it his token
使用者就是用獲取到的憑據訪問閘道器

⑧The Gateway requests validation of the token from the Auth Server, see Client Protocol【見登入心跳】
閘道器去認證伺服器詢問token的有效性

⑨The Auth Server confirms the token
認證伺服器確認token的有效性

①①The Gateway then sends a redirect to the Client to obtain the Success Page from the Auth Server, redirects to http://auth_server/portal/
閘道器傳送重定向給客戶端，以從認證伺服器上獲取 成功提示頁面，重定向到 http://auth_server/portal/這個位置

①②The Auth Server notifies the Client that his request was successful
認證伺服器通知客戶請求成功，可以上網了

這個是原理圖，大概需要11步才能完成認證，這種token認證方式有個好處，可以第三方認證後然後到wifidog的認證伺服器取一個有效的token給使用者，實現與第三方認證的整合。