If I have an ASP.net web app set up to use windows authentication only on IIS, does it follow that any authenticated user should have connected from a machine that's joined to the domain?
Does it make any difference if NTLM or Kerberos is being used?