Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C# security SecurID
One of my clients stores data on a third-party web app that uses RSA's SecurID[^] token system for authentication (more info here[^]). A browser toolbar is installed in IE in place of a hardware token generator, and it generates a new soft token every 60 seconds.
 
The user enters a username and a passcode on the site, and clicks a button on the toolbar, which automatically enters a serial number and the soft token for the user, allowing the user to log in.
 
I've now been asked to write a C# app to do an automated login and download of data from the site, but since it uses the SecurID system I can't just send the site a POST request with a username and password - I have to somehow generate a soft token and send it as well.
 
I know that the tokens are based on the virtual serial number of the soft token generator, along with the current time, etc (I'll have access to all info I'd need). But I don't know the specific algorithm used and haven't been able to find out how to generate these soft tokens from within my automation app. Is there a common algorithm I should look for, or a component I can call in my app to perform this function?
Posted 14-Nov-10 20:52pm
J. Dunlap38.1K
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

I ended up making my automation app open up IE and grab the serial number and passcode off the RSA soft token toolbar. This would be an issue for some types of apps, but it did the trick for this one.
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

SecureID can only be provided by Third party who is managing it so
can u develop webservice accessable to authenticated users (like u) to get secureID for specified username from third party and for automated login purpose use those credentials. I know it is double trouble but only Third party can provide you SecurID. I know for this work around and may need approval from higher level.
  Permalink  
Comments
J. Dunlap at 17-Nov-10 17:05pm
   
If they can generate it, then given the same data, I should be able to do the same. I found some info related to generating it, but decided it was not worth the time (with a fixed budget on the project).

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web03 | 2.8.150327.1 | Last Updated 28 Oct 2011
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100