The following is an unsupported macro. It may or may not need modification for use in your setup. The concepts though, are sound. See also "How do I use Web Crossing with a central authentication server" for more information on using similar authenticateFilters.
If you have both "BASIC" and "WINDOWS Challenge and Response" authentication turned on in IIS, then if a user comes in through IE, the Windows authentication is used and the "REMOTE_USER" variable is set to "DOMAIN\username" and we automatically add them to our site with this name.
If the user comes in through Netscape, the Remote_User is set to just
"username" and we add them accordingly.
This is a basic filter which automatically strips off the "DOMAIN" and uses
this for a group name to which the user is added automatically. If the
user comes through Netscape, there is no domain to add them to.
If they are not already in the Database, then they are created with the
name without the DOMAIN attached.
This seems to work quite well for many customer sites.
%% macro httpBasicNewFilter %%
%% set FullUserName envir( "REMOTE_USER" ) %%
%% set DomainName FullUserName.split( '\' ) %%
%% set UID userLookup( FullUserName ) %%
%% if ! UID %%
%% set UID userCreate( FullUserName ) %%
%% endif %%
%% set temp UID.addUserToGroup( DomainName ) %%
%% UID %%
%% endmacro %%