I would like to reply to my own post so you know how far I got. I still need help but I am very close to an acceptable scenario.

Using:
• DNN6
• Unreal Skin
• Windows Server 2008 R2
• IIS 7.5

Trying to accomplish:
• Intranet site using Integrated Windows Authentication against domain accounts
• Secure access to the intranet from outside of our network using Windows Auth challenge so no one can even see the first page
• Auto login of users internally
• Auto login to the site by way of external access after successful challenge
• Auto account creation both internally and externally

Current Settings:
• App pool set to Classic
• Anonymous Authentication in IIS turned off everywhere.
• Forms and Windows Authentication selected at the site level as well as the \DesktopModules\AuthenticationServices\ActiveDirectory\Windowssignnin.aspx
• Web.config file modified. I had to add the line “
• I left the existing line commented out
• ACL at the site level grants Domain Users read-only

What Works Now:
• Because we are using both Windows and Forms authentication in IIS, I can log out as myself and login as Host directly into the site which is desired because I cannot seem to assign superuser rights to a domain user(me)
• From a workstation logged into the domain with the site entered into the Intranet zone, A user can hit the main URL https://portal.medicushcs.com and have his/her account auto-created and logged in
• Subsequent logins for existing accounts will also auto-log in with no problems.
• From the outside using a non-domain member computer, the user can hit the main page https://portal.medicushcs.com and get presented with a Windows Auth challenge. They can log in as DOMAIN\username and have their account auto-created and auto-logged in.


This is 90% of what I need. I am not sure if this is optimal from a security standpoint but from what I am seeing, it is getting better.


Problems:
• If the user hits the logout button, or if the site logs them out automatically, they cannot log back it using the Windows login option. To recover, I have to delete cookies and access the site again which will log the user in automatically. *I need to solve this problem*
• Related to the above, when I am in as superuser it eventually times out and defaults me to my personal AD based account but it is limited. I can only see two of the 5 tabs I have created for pages. This is frustrating.
• The requirement to supply a domain name before the username still exists due to Windows Authentication. I have the domain assumed in the site settings but I will need to tell IIS to default to my domain name when people are presented with the challenge.

I will be performing more tests this evening as time permits. In the meanwhile, Mike, if you have any suggestions to clean this up, I am all ears. Thanks in advance for everyone’s help.

I apologize that I may not be so well versed in this to provide comprehensive instructions. I have been stumbling through it myself and I am still not 100% happy with how it performs.  However, it would seem to me that if you followed the instructions in this thread as well as setting your app pool to classic, all you would need to do is turn off forms based auth everywhere and leave Windows auth enabled from the top down. It should be the only authentication option enabled. This should then present the windows challenge to your users every time. To make it easier for them, either manually add the site to IE's local intranet zone or accomplish the same through a GPO. This part works well and will automatically log your user's in using their cached windows creds.

It is worth noting that if you disallow forms based auth, you will prevent yourself from loging in in as 'host' and therefor you will not have superuser access, and access to the host level. If you ad your own Windows creds as an administrator, you will still be able to access the site / portal level as an admin by way of your own cached windows creds. Do this first before you turn off Forms Auth or you will paint yourself into a corner.

I tell ya what, stumble through it yourself. If you have specific questions, send me some of the config items you want to compare. This will be a more targeted approach without causing me to re-learn all of this. I think I burst a blood vessel in my skull getting this far ;-)