I haven't worked with windows authentication, but I don't see why it wouldn't work. As long as you pass valid credentials to the gis server, you should be able to return a valid token. We went through a similar issue on our server. Originally, we were passing every request through the proxy and found that the application server was creating a bottle neck. Instead, we opted to do a single token request when a user first opens the application. You can set the token to expired after a certain amount of time -- we use 24 hours.Here is function we use for requesting the token:
_getToken: function(onComplete){
dojo.xhrGet({
url: "code/getToken.jsp?&ref=" + document.location.protocol + "%2F%2F" + document.location.hostname,
handleAs: "text",
load: function(data){
var jsonData = dojo.fromJson(data);
onComplete(jsonData.token);
},
error: function(error){
onComplete(error);
}
});
},