Ror +auth_token + c#


i have to change a desktop app written in c# to post and get some data
to/from a rails app. the railsapp uses devise.
what im doing right now is:

  1. pull up sign_in page
  2. parse 1) for auth_token
  3. post username+ pwd & auth_token
    3.1) if 3 ok > goto 4)
  4. post json data

that works all good, except that i do not provide auth_token in step4 ,
a) rails is still accepting my data. is that normal?
b) it seemsi cant not access attributes of current_user

so that leads me to say im not loggin in correctly!?