I just purchased MM.NET (finally..) and spent the weekend getting familiar with it - looks great!.

I am building a project for an Intranet application in which I don't want the users to log in to the application specifically - if they have already logged in to Windows. I still want to use the role-based security within the framework to manage application users. If the user is already authenticated via Windows/IIS, I would like to pick up the userid from the HttpContext and register the user with the application. It looks like the SecurityMgr.RegisterUser will handle the registration for me, but at what point in the application should this be done? Can I do it without a password? Is there a better approach?