At least a one-way trust is required when accessing the web portal and using the AD authentication modules.
For example, when a user from an untrusted domain, to that on which the IIS server resides, attempts to log in to IT Shop, the authentication will fail.
Basically, if the user cannot authenticate to IIS, then the authentication won't work, because there is no trust.
In this case the domain where the user resides, let's assume Domain A, needs to be trusted by the domain where the web server resides, let's assume Domain B. For this to work a trust direction from Domain B to Domain A will be required.