NTLM security across domains

[InorganicMatter]

We've set up a remoted .NET application in IIS using Integrated Windows Authentication (aka NTLM). The deal is we have the application running on a server in our domain (company.net), and a customer whose workstation is joined to another domain (customer.net) needs to access our .NET application. See the problem? Integrated NT security - server and client are on different domains

How can it be done? Can our domain be made to trust his user? Can we create a login for him on our side and somehow store those credentials for use on his workstation? I see there's a Network Passwords thing in Vista that looks like this:

Can we use that to store his credentials for company.net, and his computer will automatically send those credentials when needed?

 

[da sponge]

Domain Trusts.

http://technet.microsoft.com/en-us/library/cc786873.aspx

I can't think of anything else, but I'd be extremely wary of doing this.

 

[cyberjt]

Are the two domains with the same forest? if so you could use either a universal group, or more correctly use a domain local group with container global groups from the other domain.

 

[jonw757]

Yep a trust or maybe Microsoft Identity Lifecycle Manager, but that may be overkill if you dont have a lot of users.