We are designing a .Net web application which will primarily used by employees. We are Windows environment and we would like users who log into the domain not need to subsequently log into the site but instead the site reference the logged in user's AD group affiliation to enforce security.
Some users external to our LAN will also need to access the application. If they are logged into their non-company PC we would like for them to be prompted for their AD credentials.
What is the best authentication for this? Also, how can I set my development environment (Visual Studio 2013 Pro) up to emulate this?