RPC over HTTPS and SecurID

One of my “white whales” has been the ability to perform RPC over HTTPS. I think this would be great for the mobile workforce. It allows a remote user to open Outlook and connect directly to Exchange without launching a VPN client. The problem is that any reasonable employer requires strong authentication for all remote access. Username and password alone expose the corporation too much. Ever since RPC over HTTP was announced, I’ve asked for the ability to use SecurID with it. Unfortunately, what I found was that this would involve multiple design changes across ISA, Exchange and Outlook. This didn’t make it into Exchange 2007, ISA 2006 or Outlook 2007. If you’re interested in this sort of solution, please contact your Microsoft TAM and let them know.
I ran across a blog entry by Stefaan Pouseele that examines this issue more closely. He concludes that Outlook uses basic authentication and ISA can’t do RADIUS authentication off of basic authentication. Further, Outlook RPC over HTTPS isn’t designed for a two-credential logon (SecurID followed by AD, as happens with the normal HTTPS logon).
For now this remains a nice dream.

One Comment

  1. Roger,
    Look at Juniper’s NetScreen SSL/VPN. I know that it allows two-factor authentication and it works with SecurID.
    Maybe you could publish Outlook RPC over it. Not quite the same, but close.
    David Horvath

