There are 2 options:
1. In the forehead: NTLM authorization. To work in IE/Chrome, it is necessary that the site be added to the trusted ones, in the user authentication settings there should be automatic login to the network with the current name, + additionally in windows 7+ www.symantec.com/business/support/index?page=conte ... + developers.de/blogs/damir_dobric/archive/2009/08/1... and superuser.com/questions/682524/how-to-change-local...
FF also needs sivel.net/2007 /05/firefox-ntlm-sso
Next on the site through NTLM we get the username and domain - and then, depending on the paranoia, we either take our word for it, or go to AD and check that such a user exists.
I want to emphasize separately that this method of authorization is NOT RECOMMENDED officially, because it is quite full of holes (the ntlm format on the client side is very simple, you can easily fake requests and transfer any data).
2. Use active directory federation services
I have no live experience here, but in general it looks more reliable.