Wednesday, 11 September 2013

ASP.NET Windows authentication across multiple domains or forests: guidelines and explanation

Our client requested Windows authentication for our ASP.NET application.
We finished it, deployed it and it works... BUT the problem we face is
that users from another domain cannot authenticate. Now our client blames
us. We also lack additional (critical) information from our client
(security...). We don't know whether both domains are in the same forest or
not, what the trust relationships between the domains are, etc. Apparently
only users who are on the same domain as IIS can be authenticated via Windows
authentication. Users from other domains always get a popup to enter
credentials, with which they cannot be authenticated.

We are using HttpContext.Current.User.Identity.Name inside the application to
parse the user name without the domain, and we then try to authenticate that
user against our application's database.

What I would like to know is which rules must be satisfied in order to
make Windows authentication work properly across different domains in
different scenarios (same forest, different forest, etc.). What needs to be
done to make authentication work in each possible scenario? Trust
relationships, adding users explicitly? I'm a developer, not an administrator,
so my knowledge in this area is fairly limited. Please provide me with
info (a link, a direct answer, or anything else) which thoroughly covers
ASP.NET Windows authentication in multiple-domain or multiple-forest scenarios.
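
The post describes taking HttpContext.Current.User.Identity.Name and dropping the domain before the database lookup. As an added example (not part of the original post): once accounts from more than one domain can sign in, the bare user name is no longer unique, so this helper keeps the domain in the lookup key and rejects names that carry no domain. The class and method names are hypothetical and the sample accounts are constructed.

```csharp
using System;

public static class WindowsLogonName   // hypothetical helper, not from the post
{
    // Splits "DOMAIN\user" (the form WindowsIdentity.Name returns) or "user@domain".
    // Returns false for empty or malformed input instead of guessing a domain.
    public static bool TryParse(string identityName, out string domain, out string user)
    {
        domain = null;
        user = null;
        if (string.IsNullOrWhiteSpace(identityName)) return false;
        string name = identityName.Trim();

        string d, u;
        int slash = name.IndexOf('\\');
        int at = name.LastIndexOf('@');
        if (slash >= 0) { d = name.Substring(0, slash); u = name.Substring(slash + 1); }
        else if (at >= 0) { u = name.Substring(0, at); d = name.Substring(at + 1); }
        else return false;                       // no domain part: refuse

        if (d.Length == 0 || u.Length == 0 || u.IndexOf('\\') >= 0) return false;
        domain = d;
        user = u;
        return true;
    }

    // Lookup key that keeps the domain, normalized for case-insensitive matching.
    public static string ToLookupKey(string domain, string user)
    {
        return domain.ToUpperInvariant() + "\\" + user.ToLowerInvariant();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed values standing in for HttpContext.Current.User.Identity.Name.
        string[] samples = { @"CORP\jsmith", @"PARTNER\JSmith", "jsmith@partner.example", "jsmith", "" };
        foreach (string s in samples)
        {
            string domain, user;
            if (!WindowsLogonName.TryParse(s, out domain, out user))
            {
                Console.WriteLine("rejected: '" + s + "'");
                continue;
            }
            // The bare name is identical for CORP\jsmith and PARTNER\JSmith; the key is not.
            Console.WriteLine(s + " -> key " + WindowsLogonName.ToLookupKey(domain, user));
        }
    }
}
```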
