My fellow experts, I need some guidance. I want to create an AccessPoint login form that authenticates not against a custom directory, but against the Active Directory (domain) in NTFS mode. I've made a basic AD login form (working fine) using the steps in this MSDN article: http://msdn.microsoft.com/en-us/library/ff650308.aspx. But the problem is that once I've captured the user's login and authenticated him against the AD, I need to somehow pass this information to the AccessPoint (or even the direct URL of the QVW) to override the logged-in Windows user identity. I've tried the following:

1. Ticketing: but of course that only works in DMS mode. In NTFS mode I've discovered that the only ticket that will authenticate is for the logged-in Windows ID. Any other ticket will result in a "you don't have access to this document" error.
2. QVP: by passing the user ID in the form qvp://user@server/file.qvw, I can sometimes override the logged-in ID. I say "sometimes" because this interface is really buggy and often just presents the "Connect to Server" dialog. This is also not a good solution because I am targetting users outside the domain (via a website) and don't want to force a plugin installation. And yep, I will indeed be creating internal AD logins for external users.

I can use QVS 9.0 or 10.0, makes no difference. As far as I can tell, any custom login form would have to authenticate against Authenticate.aspx, but since Authenticate.aspx only has Header and Custom User authentication, how do you modify it (or write another page perhaps) to check against the AD?

Thanks!