We have been trying to figure out a simple mechanism to provide two factor authentication to our Extranet Access Point. Our configuration uses an inside SBE server, AD authentication and the Extranet Server Access Point (in a DMZ) to serve applications. Our applications all use section access security to limit data for a particular user authenticated against AD.
Ideally, what we would like is for a user to login to the Extranet Server Access Point using their AD credentials. Once they have been authenticated, we would like to present a secondary challenge before launching the application. An alternative, would be once the user has been authenticated; they would be presented with a secondary challenge within the application before any objects would be accessible (other than the challenging object).
What are the preferred mechanism for two factor authentication with the SBE/Extranet combination. Is there any documentation, or examples?