I'm using the basic ISS Authentication model for simplicity and I want to secure our mapping services using tokens and the IIS authentication built into the JSAPI proxy security. I only have two requirements for doing this:
-Don't ask the end-user to log in to the mapping application again after logging into the website (via basic authentication) -Prevent folks who didn't authenticate with IIS from accessing the web services.