You need to use Integrated Windows Authentication (also known as HTTP Negotiate / RFC 4559 or sometimes incorrectly referred to as SPNEGO).
If you do, a user will be authenticated using the credentials they were issued when when they logged onto their workstation, and a SAP logon ticket will be issued so that subsequent pages accessed won't require them to authenticate again.
Thanks
Tim
