It sounds like you need to modify the authentication method of your "K" application. Then, you could build a module that takes care of the behaviors based on whether the user is logged in and is in a certain role.

Once you log into DNN and check the roles, your user needs to be authenticated to the "K" website.

We do something similar, but it required that our "internal" site would accept a token as proof of who the user was and they were authenticated.

Here is an example of what we do:

• Both sites must check for cookie/Token
  • If token exists, refresh it. If not, create cookie/token
• "Internal" site checks for cookie and uses value to authenticate to Token database
• Subsequent requests read the token from the cookie and validate against Token database
• When user logs out, cookie and database entry are deleted
• If user does not log out properly, you must clean up tokens on a set interval

Here is how I solved it.

• Put DNN and "K" as direct child siblings of web root.
• Make DNN and "K" have the same MachineKey.
• Write User Migration sql script, from DNN to "K".
• Make a link from DNN to "K".
• Modify "K" web.config authentication section like below. Key point is loginUrl and name.

>

<authentication mode="Forms">
  <forms loginUrl="/dnn/Login.aspx" defaultUrl="~/" name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
</authentication>

• Disable any code in "K" that allows the user to log in directly to "K".
• When the user visits "K" for the first time, execute user migration sql script. (you could initiate migration script in any moment that fits you the most.)

Now, the user will log in onto DNN, and click a link to access "K". When this happens, "K" can behave as if the user actually logged in using "K" application, like reading roles from Web.Security, etc. That comes for free since you made its forms authentication cookie name and MachineKey synced between two applications.