LeDuFe,
If I understood you correctly, you have an HFS server in your company and you want to allow your friend to connect to your HFS server from another office. Both of you have different dynamic IPs (you are not in a LAN) and both of you have static URLs from DynDNS.
Do you only want to check that it is really your friend who connects to you? Then make a unique account with username:password.
Or do you additionally want to check that it's your friend because the user:pass is correct and he is also connecting from this specific (DynDNS) address?
As rejetto said, I would not rely on that. Headers that contain the host information can be modified easily (e.g. with Proxomitron).
In my opinion, the only almost certain way to know that it is your friend who is trying to connect is:
Give him a unique user:pass account for the resources he is allowed to access. This is the default procedure.
To add more security, you could run HFS with SSL and provide your friend with a trusted client certificate. This certificate resides on your friend's computer (in a safe place! But can you really be sure about that?). A connection with HFS will only be made if this certificate matches the one you have and the user:pass is correct. And, of course, HTTP access to these resources should be switched off!
But do you really need that? If someone else can access your friend's computer with the client certificate and find out the user:pass, then you are back at square one. And before you consider applying this, first make sure that your Windows is updated and patched, your router is not accessible from the WAN side or at least password protected (not the defaults!) and your Wi-Fi AP is protected (no SSID broadcasting, WPA not WEP, allow predefined MAC addresses only, passworded).
And in case you want to protect your crown jewels, I would search for a trusted professional hardware/software (VPN) solution.