Hi, what you can do is have Windows authentication work kinda like Forms authentication - where the Windows version just uses ADSI to validate the user details instead of whatever store you're using for FORMS. Using this method, you can identify if the machine is from the intranet (either using simple IP filter or by authenticating the machine against ADSI), you can then select the appropriate authentication method based on the source of the request - could save you from doubling your work - just write a little factory which handles the split authentication.