2

I am looking for a way to implement a captive portal for the Windows 10 mobile hotspot. The idea is to redirect all devices that connect to the hotspot to a webpage.

I was able to find this article which shows how to do it in Linux.

But I have been unsuccessful in finding a similar one for Windows. Posts like this one proved to be dead ends.

I am okay with using a simple nginx server to give a 302 redirect response to clients if needed, but I prefer not to use any existing software that implements a captive portal.

UPDATE

I have succeeded in triggering a captive portal on clients (Linux laptop, Android device, etc.) using a workaround.

Whenever a device connects to the hotspot, it sends a request to some predefined websites to check if the Wi-Fi connection has internet access. If it gets a 302 response, it generates the captive portal window.

So I added the following entries to the hosts file on the Windows machine.

127.0.0.1 clients3.google.com  #android
127.0.0.1 connectivitycheck.gstatic.com  #android
127.0.0.1 nmcheck.gnome.org  #ubuntu

These requests will then be resolved locally using the hosts file entries and sent to the nginx server, which gives a 302 redirect to all HTTP requests.


wardaddy

2 Answers

5

The setup I mentioned in the UPDATE above was finally tweaked to get where I wanted. I used dnschef, an open-source DNS server that works perfectly as a command-line client. The steps I followed:

  1. Start the Windows mobile hotspot.
  2. Go to Network adapters => Select hotspot adapter => Change IPv4 settings => set 127.0.0.1 as DNS server.
  3. Start dnschef with --fakeip 192.168.137.1
  4. Start an HTTP server on 192.168.137.1 and give a 302 redirect response to all requests.

And that's it! Whenever a device connects to the hotspot, it will attempt to connect to any one of the preset websites used to determine internet connectivity. These requests will be resolved locally by dnschef to our nginx server. The nginx server then gives a 302 redirect, which triggers the captive portal on the client.

wardaddy
1

I tried a similar approach using dnscrypt-proxy, which provides dedicated captive-portal support. Since this is nothing more than DNS cloaking, there are several ways to ensure that requests to certain "connection-checking" domains are directed to a local web server.

Unlike in the accepted answer, I figured out an even easier and more flexible way by using the Windows hosts file without any third-party DNS proxy. Instead of associating the connection-checking domains with localhost, I mapped them to the physical Wi-Fi access point IP address (which is 192.168.137.1). This causes Wi-Fi clients to send their connection-checking requests directly to the web server that is running on the local PC and listens to all connections on port 80.

hosts file:

192.168.137.1       captive.apple.com               
192.168.137.1       clients3.google.com     
192.168.137.1       nmcheck.gnome.org       
192.168.137.1       connectivitycheck.gstatic.com   
192.168.137.1       connectivitycheck.android.com   
192.168.137.1       www.msftncsi.com                
192.168.137.1       dns.msftncsi.com                
192.168.137.1       www.msftconnecttest.com         
192.168.137.1       ipv6.msftconnecttest.com        
192.168.137.1       ipv4only.arpa                   

This web server (in my case ASP.NET Core) redirects clients to a login page unless they are already registered. In that case the web server may answer the calls just like the "real" servers that sit behind those connection-checking domains do, in order not to redirect clients that have already logged in successfully.

alpharalph
  • 11
  • 1
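An added example, not code from either answer: the behaviour described in the last paragraph above, written in Python instead of ASP.NET Core. Unregistered clients get a 302 to a login page, registered clients get the reply the real check endpoint would send. The probe paths and bodies, the `/login` path, and tracking registered clients by IP in `REGISTERED` are assumptions that are not on the page.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PORTAL_HOST = "192.168.137.1"                 # hotspot address from the answers
PORTAL_URL = f"http://{PORTAL_HOST}/login"    # assumed login path
REGISTERED = set()                            # client IPs that finished login (assumed model)
LOGIN_PAGE = b"<html><body><h1>Sign in to use this hotspot</h1></body></html>"

# (host, path) -> (status, content type, body) the real check endpoint returns.
# Hosts come from the hosts file above; paths and bodies are not on the page.
PROBE_OK = {
    ("connectivitycheck.gstatic.com", "/generate_204"): (204, None, b""),
    ("connectivitycheck.android.com", "/generate_204"): (204, None, b""),
    ("clients3.google.com", "/generate_204"): (204, None, b""),
    ("www.msftconnecttest.com", "/connecttest.txt"): (200, "text/plain", b"Microsoft Connect Test"),
    ("www.msftncsi.com", "/ncsi.txt"): (200, "text/plain", b"Microsoft NCSI"),
    ("nmcheck.gnome.org", "/check_network_status.txt"): (200, "text/plain", b"NetworkManager is online\n"),
    ("captive.apple.com", "/hotspot-detect.html"): (200, "text/html",
        b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>"),
}

def decide(host, path, client_ip, registered=REGISTERED):
    """Return (status, headers, body) for one HTTP GET."""
    host = (host or "").split(":")[0].strip().lower().rstrip(".")
    path = path.split("?", 1)[0]
    if host == PORTAL_HOST and path == "/login":
        reply = (200, "text/html", LOGIN_PAGE)
    elif client_ip in registered:
        # Logged-in client: answer like the real server so the OS stops prompting.
        reply = PROBE_OK.get((host, path), (404, "text/plain", b"not found"))
    else:
        # Fixed target, never derived from the client-supplied Host header.
        return 302, {"Location": PORTAL_URL, "Cache-Control": "no-store", "Content-Length": "0"}, b""
    status, ctype, body = reply
    headers = {"Cache-Control": "no-store"}
    if status != 204:  # a 204 carries no body and no Content-Length
        headers.update({"Content-Type": ctype, "Content-Length": str(len(body))})
    return status, headers, body

class Portal(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = decide(self.headers.get("Host"), self.path, self.client_address[0])
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    ThreadingHTTPServer((PORTAL_HOST, 80), Portal).serve_forever()
```

The login handler that adds a client to `REGISTERED` is left out; a source IP is a weak identifier on a shared hotspot, so treat that set as a convenience flag and not as authentication.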