AnsweredAssumed Answered

.net Login via

Question asked by ema bac on Apr 8, 2018
Latest reply on Apr 8, 2018 by ema bac

Like • Show 0 Likes0
Comment • 1

I posted a question (https://community.rsa.com/message/908388?commentID=908388&et=watches.email.thread#comment-908388), but it has been locked without a solution. I think my question was clear. Here I post the question and the solution. Let me know what do you think about the customer support.

I developed a client tool on vb.net to connect to one of our company webservices by parsing webpages and automating user mouse clicks.

Recently my company introduced a web authentication using RSA token key (username, password, pin+token) and now my tool don't work anymore.

Navigating with internet explorer, I can login to authentication webpage and from that moment I get access to all the company web pages (also on other servers).

How could I perform a RSA login to our webserver from my vb.net tool exactly how I do from internet explorer? If I could do this, then I can allow my tool to continue to work as it was in the past.

Actually the tool uses the system.net.httpClient to get the webpages content.

No one else has this question

Outcomes

1 Reply

ema bac Apr 8, 2018 7:27 AM
Mark Correct
Correct Answer
You can mark this reply, as the proper solution.

Since the tool reads webpages as they were text strings, and it uses http web requests to interact with the RSA login https webpage, the solution is to perform the proper HTTP POST request.

I found the solution by analyzing requests and resposes by means of Fiddler 4.
The need of Fiddler (and not only Wireshark) comes from the fact that RSA uses HTTPS and not HTTP, so the traffic is encrypted.

I found that we need to:
-get the RSA login homepage
-Save cookis from the obtained webpage
-Post the RSA login webpage using the credentials and the previous saved cookies.

Cookies essentially contains a unique session ID. If you inspect the received cookis you will find also these variables:

LastMRH_Session=e0d75162; MRHSession=852087154df3e83536080a27e0d75162

Here appended you find the code in vb.net language.
Legend:
url is a string containing the link to the homepage (that is redirected to the login webpage)
urlLogin is a string containing the link to the login webpage
data is a string containing the data to post during the login and it contains the credentials in clear. This is the format of the data string: "username=xxxxxxxx&password=yyyyyyynnnnnn&vhost=standard"
you should replace xxxxxxx with your secure access username, yyyyyy with your secure access pin and nnnnnn with your 6 digits token.

            Dim request As HttpWebRequest = HttpWebRequest.Create(url)
            request.Proxy.Credentials = CredentialCache.DefaultCredentials
            request.Method = WebRequestMethods.Http.Get
            request.Accept = "text/html, application/xhtml+xml, image/jxr, */*"
            request.Headers(HttpRequestHeader.AcceptLanguage) = "en-US,en-GB;q=0.8,en;q=0.6,it-IT;q=0.4,it;q=0.2"
            'request.Headers(HttpRequestHeader.AcceptEncoding) = "gzip, deflate"
            request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
            request.KeepAlive = True
            request.Timeout = 30000
'cookies will contain cookies from the homepage
            Dim cookies As CookieContainer = New CookieContainer()
            request.CookieContainer = cookies

            Dim response As HttpWebResponse = request.GetResponse()
'at this point the cookies structure has been filled with data from the homepage
            response.Close()
'now we can post the login request
            request = HttpWebRequest.Create(urlLogin)
'here we use the obtained cookies
            request.CookieContainer = cookies
            request.Proxy.Credentials = CredentialCache.DefaultCredentials
            request.Method = WebRequestMethods.Http.Post
            Dim DataArray() As Byte = StrToByteArray(data)
request.ContentLength = DataArray.Length
request.ContentType = "application/x-www-form-urlencoded"
            request.Accept = "*/*"
            request.Headers(HttpRequestHeader.AcceptLanguage) = "en-US,en-GB;q=0.8,en;q=0.6,it-IT;q=0.4,it;q=0.2"
            request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
            request.KeepAlive = True
            request.Timeout = 30000
request.Referer = url
            Dim dataStream As Stream = request.GetRequestStream()
            ' Write the data to the request stream.
dataStream.Write(DataArray, 0, DataArray.Length)
            ' Close the Stream object.
            dataStream.Close()
            Dim oResponse As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
            Dim reader As New StreamReader(oResponse.GetResponseStream())
   'tmpstr is a string containing the html webpage after the login. reading the string you can understand if the login was successful
            Dim tmpstr As String = reader.ReadToEnd()
response.Close()
            request.Abort()
            Return tmpstr
Like • Show 0 Likes0
Actions

.net Login via

Outcomes

Related Content

Recommended Content