Is there a way to create a "captive portal" using the ASA?
Basically I am looking to have a user turn on their PC and then try to get to a web site but be redirected to a page where they can be authenticated. Then either based on who they authenticate as, or any successful authentication, the ASA applies ACLs to their traffic.
This would create a situation where they cannot get anywhere until they authenticate and then maybe once they have authenticated they are allowed outbound on 80 and 443 to anywhere.
I am thinking this is possible using maybe cut-through proxy authorization and/or downloadable ACLs from the CSACS server but I am having trouble figuring out if it can really be done and if so how these pieces fit together.