I have a web app written with .NET 2.0 using Windows Auth and links to another web app that is .NET 1.0 (Reporting Services 2000) and using Windows Auth.
The first (2.0) has a link to the second (1.0) and I would have thought would pass along the credentials but when the link (target=_blank) is pressed, it asks for authentication.
If the app (1.0) is brought up individually, it works fine with the Windows Auth passed through and no logon required.
One thing of interest is that they are in separate application pools. They exist on the same server but require separate app pools to support 1.0 and 2.0.