I posted a question (https://community.rsa.com/message/908388?commentID=908388&et=watches.email.thread#comment-908388), but it has been locked without a solution. I think my question was clear. Here I post the question and the solution. Let me know what do you think about the customer support.
I developed a client tool on vb.net to connect to one of our company webservices by parsing webpages and automating user mouse clicks.
Recently my company introduced a web authentication using RSA token key (username, password, pin+token) and now my tool don't work anymore.
Navigating with internet explorer, I can login to authentication webpage and from that moment I get access to all the company web pages (also on other servers).
How could I perform a RSA login to our webserver from my vb.net tool exactly how I do from internet explorer? If I could do this, then I can allow my tool to continue to work as it was in the past.
Actually the tool uses the system.net.httpClient to get the webpages content.
You can mark this reply, as the proper solution.
Since the tool reads webpages as they were text strings, and it uses http web requests to interact with the RSA login https webpage, the solution is to perform the proper HTTP POST request.
I found the solution by analyzing requests and resposes by means of Fiddler 4.
The need of Fiddler (and not only Wireshark) comes from the fact that RSA uses HTTPS and not HTTP, so the traffic is encrypted.
I found that we need to:
-get the RSA login homepage
-Save cookis from the obtained webpage
-Post the RSA login webpage using the credentials and the previous saved cookies.
Cookies essentially contains a unique session ID. If you inspect the received cookis you will find also these variables:
Here appended you find the code in vb.net language.
Legend:
url is a string containing the link to the homepage (that is redirected to the login webpage)
urlLogin is a string containing the link to the login webpage
data is a string containing the data to post during the login and it contains the credentials in clear. This is the format of the data string: "username=xxxxxxxx&password=yyyyyyynnnnnn&vhost=standard"
you should replace xxxxxxx with your secure access username, yyyyyy with your secure access pin and nnnnnn with your 6 digits token.