I have a rather complicated business application written in ASP.NET that is deployed to a server. The site uses forms authentication, and there are about a dozen different roles. Employees and customers are users of the application.
Now I have a requirement to develop a Windows Mobile client for an application that allows you to perform a very specialized set of tasks from the device, as opposed to a browser on a laptop. The customer wants to increase productivity with this measure. Only employees will use this app.
I believe it makes sense to reuse a security infrastructure that already exists. The client does not need battery life.
My idea is to deploy a set of web services to a folder of an existing site that only the new "web service" role has access to, and also use forms authentication (from the Windows Mobile 5 / .NET 3.5 client).
I saw this question, and I am aware of the limitations that Forms Authentication creates. Since my main motivator is not security (I use SSL and can restrict access by IP address) but using existing user accounts and roles, my decision tree is also slightly different.
Can I do this, is it a good idea, and are there any code examples / examples you can point me to?
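
The folder-level restriction described in the question, sketched as an added `web.config` example (not part of the original post). The folder name `Services`, the role name `WebService` and the login page `Login.aspx` are assumed placeholders.

```xml
<!-- Added illustration: folder, role and login page names are assumptions. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL="true" marks the forms-auth cookie Secure,
           so it is only sent over the SSL connection -->
      <forms loginUrl="~/Login.aspx" requireSSL="true" />
    </authentication>
  </system.web>

  <!-- Applies only to requests under /Services -->
  <location path="Services">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top-down and the first match wins:
             members of the role are allowed, everyone else is denied -->
        <allow roles="WebService" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With forms authentication, a request to this folder without a valid ticket is answered with a redirect to the login page rather than a 401, so a device client has to treat that redirect as "not signed in".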