Web pages are, by nature, state-less objects. When you click from page to page in an ASP.net application, each request for a page is treated as a brand-new request. We use things like cookies, session-variables, and query strings to maintain state from page to page.
When you log in to an ASP.net web application using Windows Authentication, how does IIS persist your identity between pages?
If you use something like Fiddler2, or any other web proxy tool, you can look at the header and see that for Windows Integrated Authentication, it gets the domain/username from the header, so it is able to know who you are, and then it will probably be using a session to help keep state between pages.
The browser "helps out" in the case of domain authentication. Instead of asking you on every request, it remembers what you entered the first time and keeps re-sending it along with every request for that site.
Session is identified usually by a cookie (the 'session cookie') unless you set your app to be "cookieless", in which case the identifier is in the url.