For Windows, Pass Through authentication is using the credentials you supplied on your client workstation to the resource using Windows Networking as the security resource. The resource then set up to only allow access to Global Groups (or NT Authority Groups) from the domain. Generally, this type of security is used with local domains or domains that maintain a trust relationship. A good example would be a corporate intranet consisting of a domain in one division of a company (like Finance) with a different domain in a different division of the same company (like Sales).

In this corporate scenario, you log onto a Windows with your domain account and obtain a key from the Domain Controller that identifies you and your associated groups. The web server running IIS checks that key against the ACL on the files, and allows the appropriate access. By setting up IIS to use Windows Authentication in such an environment enables Pass Through authentication.

In other words: what you use to log onto your local machine logs you onto the web site.