In the Server Variables collection I note there are:
REMOTE_USER
LOGON_USER
AUTH_USER
Do these come from the decypted ".ASPXFORMSAUTH" cookie?
EDIT:
Think I am correct:
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];//.ASPXAUTH
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
Reference : what is ASPXAUTH cookie?