It's always seemed to me to be natural to want to set up ASP.NET to use Windows authentication if possible, then fallback to Forms if necessary, but my sparse research had suggested that this was not possible. Apparently I was wrong (and not alone in that), as the following article tells you how to do just that:

Security: Mixing Forms and Windows Security in ASP.NET (ASP.NET Technical Articles)