I received a question from one of our customers about their SharePoint extranet security. Because they are publishing important documents on the SharePoint environment, the question raised if they could use RSA tokens to make it even more secure, combined with Forms Based Authentication (FBA).
We are using ISA server in this case and I found the question interesting to investigate and see what to options are.
So first of all, I did run into a interesting blog posting by Pranab Paul about a step by step example: SharePoint 2007 (MOSS/WSS) FBA and RSA. Also check out the posting about the HTTP Module. The challenge seems to be how to pass the credentials to SharePoint, which are entered during the RSA login.
Secondly, Pranab is also referring to ISA configuration articles for RSA:
I would suggest doing a small proof of concept using the RSA technology with SharePoint. Is it working correctly, what are the security risks, etc. It seems that there are no best practices about this topic.
Does any of you have experience on this topic? Anyway, I'll keep you posted about it!