30.2. Role Authorization
So far, you have seen how to enable the client application services, but they haven't really started to add value because the user has already been authenticated by the operating system when you were using Windows authentication for the client application. What isn't handled by the operating system is specifying which roles a user belongs to and thus what parts or functions within an application the user has access to. While this could be handled by the client application itself, it would be difficult to account for all permutations of users and the system would be impractical to manage, because every time a user was added or changed roles a new version of the application would have to be deployed. Instead, it is preferable to have the correlations between users and roles managed on the server, allowing the application to work with a much smaller set of roles through which to control access to functionality.
The true power of the client application services becomes apparent when you combine the client-side application framework with the ASP.NET Application Services. To see this you should add a new project to your solution using the Visual Basic ASP.NET Web Application template (under the Web node in the New Project dialog), calling it ApplicationServices. As we are not going to create any web pages, you can immediately delete the default page, default.aspx, that is added by the template. You could also use the ASP.NET Web Service Application template, ...
