Currently we have a web application that was written to be forms authentication based where the user, regardless of whether they are in the domain or not have to enter their credentials and sign in. We would like to move it from solely forms based to being a mixed mode where users inside the domain are able to login automatically using windows authentication and those outside the domain would still log in the traditional way. Regardless of how they login though the role of the user determines what they will be able to access. The app was written in ASP .NET 3.5 and the server is running IIS 6. I have looked around for some articles on how to do this but I am getting conflicting answers on whether or not this is feasible and how it can be implemented. Thanks for the help.