this CAN be relatively simple. Implement "normal" authentication and configure the "guest" use in a way he can browse as desired. Now add a new rule that says something like
URL.Destination.IP equals 10.10.10.10
Authentication.Username equals "guest"
then call action "Authenticate".
Basically the user guest can browse around as he wishes. The browser will always send "guest" as the user name. As soon as you go to 10.10.10.10 while being "guest" MWG will no longer accepts this request and send a 407 response code to the browser, asking him to authenticate. Because the browser already sent credentials which are now no longer valid it will show a popup which allows you to enter different credentials.
If you use a different user than "guest" you will be able to browse the URL. The browser will remind the new credentials and use them until you close the browser.
- I was not able to find a way to use a web based form to catch new credentials. It only seems to work with the default browser popup window.
- Once you "became" a different user all requests to other URLs will be done in the name of this new user, until you close the browser and login as guest again
- If you forget to close the browser there is no "timeout", so if someone logs in and goes away without closing the browser someone else can come and continue accessing 10.10.10.10 without being prompted again