使用C#生成RSA SecurID软令牌? [英] Generate RSA SecurID soft token using C#?
问题描述
我的一位客户将数据存储在使用 RSA的SecurID [ ^ ]用于身份验证的令牌系统(更多信息其他 [ ^ ])。 IE中安装了一个浏览器工具栏代替硬件令牌生成器,它每60秒生成一个新的软令牌。
用户在网站上输入用户名和密码,然后单击工具栏上的按钮,该按钮会自动为用户输入序列号和软令牌,允许用户登录。
我现在被要求编写一个C#应用程序来自动登录并从网站下载数据,但由于它使用SecurID系统我不能只是使用用户名和密码向网站发送POST请求 - 我必须以某种方式生成一个软令牌并发送它。
我知道令牌是基于软令牌生成器的虚拟序列号,以及当前时间等(我可以访问我需要的所有信息)。但我不知道使用的具体算法,也无法从我的自动化应用程序中找到如何生成这些软令牌。是否有我应该寻找的常用算法,或者我可以在我的应用程序中调用以执行此功能的组件?
One of my clients stores data on a third-party web app that uses RSA's SecurID[^] token system for authentication (more info here[^]). A browser toolbar is installed in IE in place of a hardware token generator, and it generates a new soft token every 60 seconds.
The user enters a username and a passcode on the site, and clicks a button on the toolbar, which automatically enters a serial number and the soft token for the user, allowing the user to log in.
I've now been asked to write a C# app to do an automated login and download of data from the site, but since it uses the SecurID system I can't just send the site a POST request with a username and password - I have to somehow generate a soft token and send it as well.
I know that the tokens are based on the virtual serial number of the soft token generator, along with the current time, etc (I'll have access to all info I'd need). But I don't know the specific algorithm used and haven't been able to find out how to generate these soft tokens from within my automation app. Is there a common algorithm I should look for, or a component I can call in my app to perform this function?
推荐答案
我最终打开了自动化应用程序IE并从RSA软令牌工具栏中获取序列号和密码。对于某些类型的应用程序来说这可能是一个问题,但它确实可以解决这个问题。
I ended up making my automation app open up IE and grab the serial number and passcode off the RSA soft token toolbar. This would be an issue for some types of apps, but it did the trick for this one.
SecureID只能由管理它的第三方提供。
可以开发可访问经过身份验证的用户(如u)的webservice,以便从第三方获取指定用户名的secureID,并且为了自动登录目的,可以使用这些凭据。我知道这是双重麻烦,但只有第三方可以为您提供SecurID。我知道这项工作,可能需要更高级别的批准。
SecureID can only be provided by Third party who is managing it so
can u develop webservice accessable to authenticated users (like u) to get secureID for specified username from third party and for automated login purpose use those credentials. I know it is double trouble but only Third party can provide you SecurID. I know for this work around and may need approval from higher level.
这篇关于使用C#生成RSA SecurID软令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
