One of my clients stores data on a third-party web app that uses
RSA's SecurID[
^] token system for authentication (more info
here[
^]). A browser toolbar is installed in IE in place of a hardware token generator, and it generates a new soft token every 60 seconds.
The user enters a username and a passcode on the site, and clicks a button on the toolbar, which automatically enters a serial number and the soft token for the user, allowing the user to log in.
I've now been asked to write a C# app to do an automated login and download of data from the site, but since it uses the SecurID system I can't just send the site a POST request with a username and password - I have to somehow generate a soft token and send it as well.
I know that the tokens are based on the virtual serial number of the soft token generator, along with the current time, etc (I'll have access to all info I'd need). But I don't know the specific algorithm used and haven't been able to find out how to generate these soft tokens from within my automation app. Is there a common algorithm I should look for, or a component I can call in my app to perform this function?