What is wrong with you people? I've personally been asked three times in the last 2 weeks how and if is it possible to achieve this. Skipping a simple security check... that's lazy, not functional...
And now, back to business... There are more ways of doing it:
1) You have to integrate the login with your windows login: go to IIS admin tool and for your site's properties go to the "Directory security" property page. Press the "Edit" button in the "Anonymous access and authentication control" and then check "Integrated Windows authentication". The user which logs in the app MUST provide his credentials the first time he logs in, if he checks "Remember password" in the dialog that pops up (windows user/password dialog, managed entirely by IE, you don't have to write a singe line of code). Then, the IIS will allow (or not) access to the requested app. Advantages: easy to implement, it is not mandatory that the user logs in locally using his domain credentials. Disadvantages: the user must provide adequate credentials the first time (as described above) and each end every time he goes to another computer where his user/password were not saved (since the credentials are locally stored).
2) Use LDAP to verify that the user which made a request to your server is logged into the domain. This is much more complicated and you'll have to carefully write the code, since it's quite sensitive. You'll also probably need to set up the LDAP. There is also a delay between the moment the user logs out from the domain and the time you can see this from LDAP. Advantages: the user can go to another computer and login into the app without needing to do anything (he just needs to be logged into the local OS using domain credentials). Disadvantages: you'll have to document, you'll have to write & test code, the user must login locally (could be a problem if the domain policy is not to allow multiple logins and the user is also logged in on another computer).
