Here is my situation. I have an ASP.NET web app hosted in IIS inside of a large corporate network in the U.S. The site uses the currently logged-in user's Windows name for security - so it looks at the user name and determines what they can and cannot do.
Now, the South American-based operation of my client wants to use this application as well. We do not want to have to set up a separate server for them, nor a separate codebase, and they are not worried about translation of the English site, as they all speak English.
They are all on a totally separate network, with their own logins and domains. There are no hard links between the two corporate networks other than the internet itself.
What is the best way to give them access to this internal ASP.NET app? Some users can get in via a VPN connection, but that is sort of a pain to set up for each user, plus it requires that they have a separate login for the U.S. domain.
Could this be accomplished by a permanent VPN between the networks and a trust between the domains?
I believe the only way to do it without changing how the authentication works on the website will be to do as you said: create a VPN tunnel between the networks and a trust between the domains.
This page contains a walkthrough for setting up a trust.
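Once a trust is in place, Windows authentication hands the application names in `DOMAIN\user` form from both domains, so a check that looks at the user name should key on the full qualified name and an explicit list of accepted domains. The following is an added example, not part of the original question or answer; the domain names `USCORP` and `SACORP`, the users and the permission strings are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: domains, users and permissions below are constructed.
public static class TrustedDomainAuthorizer
{
    // Domains whose accounts the application accepts once the trust exists.
    private static readonly HashSet<string> AllowedDomains =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "USCORP", "SACORP" };

    // Permissions keyed by the full DOMAIN\user name, never by the bare user
    // name, so the same account name in two domains stays two identities.
    private static readonly Dictionary<string, string[]> Permissions =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { @"USCORP\jsmith", new[] { "read", "approve" } },
            { @"SACORP\jsmith", new[] { "read" } },
        };

    // identityName is the value Windows authentication supplies,
    // for example HttpContext.User.Identity.Name in ASP.NET.
    public static bool IsAllowed(string identityName, string permission)
    {
        if (string.IsNullOrWhiteSpace(identityName)) return false;

        // Require exactly one backslash with a non-empty domain and user part.
        int slash = identityName.IndexOf('\\');
        if (slash <= 0 || slash == identityName.Length - 1) return false;
        if (identityName.IndexOf('\\', slash + 1) >= 0) return false;

        // Reject accounts from any domain that was not explicitly accepted.
        string domain = identityName.Substring(0, slash);
        if (!AllowedDomains.Contains(domain)) return false;

        string[] granted;
        return Permissions.TryGetValue(identityName, out granted)
            && Array.IndexOf(granted, permission) >= 0;
    }

    public static void Main()
    {
        Console.WriteLine(IsAllowed(@"USCORP\jsmith", "approve"));
        Console.WriteLine(IsAllowed(@"SACORP\jsmith", "approve"));
        Console.WriteLine(IsAllowed(@"OTHER\jsmith", "read"));
        Console.WriteLine(IsAllowed("jsmith", "read"));
    }
}
```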