I‘ve got a MVC application configured to use Windows Authentication in IIS. So If an user accesses the app from a machine within the same domain and a browser which supports WIA, no credentials dialog will be displayed and the user is logged in right away. If an user accesses the app from a browser or a machine which does NOT support WIA or is outside the domain, the credentials dialog is being displayed correctly.
Additionally I‘d like to teach the app the following behavior. Some users from the domains are not allowed to access my application, so the app should reject the user (e.g it is not within a specific AD group) even though it has authenticated successfully and force it to enter the credentials of a different user manually using the same dialog which is user to authenticate users using a browser not supporting it.