I'm not sure about the solution you proposed, I imagine it would need some custom JavaScript to call the web service and pass the successful authentication back to the form.

One other way to do it is if you setup a website using something like WordPress or Joomla and install a Windows Authentication plugin to the site, you can embed forms into the websites pages and hide the pages so they only show after a user has authenticated to the website. From there, you can pass through the iframe of the embeded LF form a value, such as a username or email address. Then set the LF Form up to do a database lookup based on that value to populate other fields if needed.

This ensures that they are who they say they are because they still have to authenticate using their Windows credentials.