We have application that works with IIS. The application is able to retrieve windows authenticated user credentials for a login. At the moment we have one IIS website (anonymous user=disabled, windows authentication= enabled) http://server/app for domain and local users. So all those users are being authenticated automatically by application. For external users we have other website http://server:8080/app where anonymous = enabled. This causes a lot of problems with people from the 2 different groups e-mailing links to each other. We need 1 common URL (web site) that accepts local users and external users (windows authenticated and anonymous); if user is local then user credentials must be given to our application. If user is external then he must be forwarded to application login page. I already made some ISAPI filter that uses asp scripts that finds out if a user is local our external, but I cannot find out how to pass to my application user credentials like they’re passed when website is with windows authentication. Is there some better solution to this?! Thanks!