public static bool AuthenticateUser() { // 32 byte random blob of data var sessionKey = CryptoHelper.GenerateRandomBlock(32); byte[] encryptedSessionKey; // ... which is then encrypted with RSA using the Steam system's public key using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(Steam.Instance.Client.Universe))) { encryptedSessionKey = rsa.Encrypt(sessionKey); } // users hashed loginkey, AES encrypted with the sessionkey var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(Encoding.ASCII.GetBytes(WebAPIUserNonce), sessionKey); using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth")) { KeyValue result; try { result = userAuth.AuthenticateUser( steamid: Steam.Instance.Client.SteamID.ConvertToUInt64(), sessionkey: WebHelpers.UrlEncode(encryptedSessionKey), encrypted_loginkey: WebHelpers.UrlEncode(encryptedLoginKey), method: "POST", secure: true ); } catch (WebException e) { var response = (HttpWebResponse)e.Response; if (response.StatusCode == HttpStatusCode.Unauthorized || response.StatusCode == HttpStatusCode.Forbidden) { IsAuthorized = false; if (Steam.Instance.Client.IsConnected) { Steam.Instance.User.RequestWebAPIUserNonce(); } } Log.WriteWarn("WebAuth", "Failed to authenticate: {0}", e.Message); return(false); } File.WriteAllText(Path.Combine(Application.Path, "files", ".support", "cookie.txt"), $"steamLogin={result["token"].AsString()}; steamLoginSecure={result["tokensecure"].AsString()}"); Cookies = new CookieContainer(); Cookies.Add(new Cookie("steamLogin", result["token"].AsString(), "/", "store.steampowered.com")); Cookies.Add(new Cookie("steamLoginSecure", result["tokensecure"].AsString(), "/", "store.steampowered.com")); } IsAuthorized = true; Log.WriteInfo("WebAuth", "Authenticated"); TaskManager.RunAsync(async() => await AccountInfo.RefreshAppsToIdle()); return(true); }