• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Building my own two factor authentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Misc.] >> ISA Server Programming >> Building my own two factor authentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
Building my own two factor authentication - 3.Jan.2004 3:17:00 PM   
Ole Kristian

 

Posts: 18
Joined: 4.Aug.2002
From: Norway
Status: offline
Hi!

I want to add two factor security to some of my published servers, say citrix secure gateway and lotus domino webmail. I have looked at some of the solutions out there, but they are rather expensive. So I thought why not build our own?

What I want to do is restrict access to the published servers through a combination of windows 2000 domain/username and a one time password. This one time password will be generated at the server, and sendt to the users mobile phone on request. The mobile phone numbers will be stored in the user profiles. I have the means to generate and send the passwords, but how do I block or open a session against a published server on the isa server?
I could of course block all access to the published server by default, and open the published server for access by the ip address of the user. But this is not an optimal solution as it would also open the published server to any user behind a nat network using the same official ip address.

I hope this was not to confusing, and would really appreciate all help.

- Ole Kristian
Post #: 1
RE: Building my own two factor authentication - 8.Jan.2004 5:37:00 AM   
Jim Harrison

 

Posts: 271
Joined: 5.May2001
From: Redmond, WA
Status: offline
You'll easily spend more development and test money "rolling your own" than by purchasing a pre-existing solution...

(in reply to Ole Kristian)
Post #: 2
RE: Building my own two factor authentication - 9.Jan.2004 10:23:00 AM   
Ole Kristian

 

Posts: 18
Joined: 4.Aug.2002
From: Norway
Status: offline
I get your point, but I'm not sure that it is true in this case. A cheap token like SafeWord for citrix will set me back 99$ per user, even with discounts this would be costly with 500 users. Also, depending on the programming features of ISA server I don't think that this task is that hard to do. All you need to do is figure out a way to disconnect or allow an incoming session against one of the published servers programatically. The rest is no problem..

T. Shinder, any comments on this?

- Ole Kristian

(in reply to Ole Kristian)
Post #: 3
RE: Building my own two factor authentication - 14.Jan.2004 2:24:00 AM   
Jim Harrison

 

Posts: 271
Joined: 5.May2001
From: Redmond, WA
Status: offline
Have you examined the Feature Pack 1 SecurID solution?
It costs you $0 for the initial license and $0 per user thereafter.

http://www.microsoft.com/downloads/details.aspx?FamilyID=2f92b02c-ac49-44df-af6c-5be084b345f9&DisplayLang=en

(in reply to Ole Kristian)
Post #: 4
RE: Building my own two factor authentication - 18.Jan.2004 10:11:00 PM   
Ole Kristian

 

Posts: 18
Joined: 4.Aug.2002
From: Norway
Status: offline
Thanks for your input, but according to the FP1 documentation:
quote:
Using the Web filter for authentication for RSA SecurID, you can authenticate users, based on authentication credentials from the SecurID product from RSA.
This indicates that I need the RSA ACE/Server, and that the featurepack only supplies the integration with the product. RSA ACE/Server is far from free..

- Ole Kristian

(in reply to Ole Kristian)
Post #: 5
RE: Building my own two factor authentication - 12.Jul.2005 4:53:00 AM   
crosljam

 

Posts: 4
Joined: 12.Jul.2005
From: UK
Status: offline
Just for interest how did you get on with this - just started looking at 2 factor authentication and running into the same money issues!

Cheers, James

(in reply to Ole Kristian)
Post #: 6
RE: Building my own two factor authentication - 23.Oct.2005 2:56:00 PM   
Ole Kristian

 

Posts: 18
Joined: 4.Aug.2002
From: Norway
Status: offline
I have decided to go with the safeword solution. I have not the time to investigate this further, allthough I think my idea of using random passtokens sendt to the users mobile phone can be done securly. I think maybe the way to go would be to integrate the citrix webinterface/secure gateway against a radius server that reads the randomly generated passwords from a database.

- Ole Kristian

(in reply to Ole Kristian)
Post #: 7
RE: Building my own two factor authentication - 2.Dec.2014 3:45:35 AM   
maya628

 

Posts: 1
Joined: 2.Dec.2014
Status: offline
Hi,

I am trying to load the sample WebResponseModifier given along with Microsoft Platform SDK. The dll gets loaded but when I try to access any link through the proxy, the web filter is not invoked.

(in reply to Ole Kristian)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Misc.] >> ISA Server Programming >> Building my own two factor authentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts