Using Integrated Security
on 21.06.2006 10:58:57 by abel.khumalo
Good day,
I have a Login.asp page to authenticate the users to my Web
application. Is it possible for someone to hack into the Login.asp page
by changing the value of the REMOTE_USER variable in the header and
then gaining access to the page? How would that be done (hacking?)
Also, what happens to the following piece of code if:
> I log in to my machine as MyDomain\User1 and somehow manage to hack the Login.asp page to accept the user as MyDomain\User2:
Set objSecurity = GetSecurityCallContext("OriginalCaller")
If objSecurity("AuthenticationService") = 10 Then
    sExternalUserName = objSecurity("AccountName")
End If
What will the value of the REMOTE_USER variable be after executing the
code above? Will it be MyDomain\User1 or MyDomain\User2?
Regards,