You could place the security data within a separate database that is shared between several applications (by each having a datasource to it).  You could then point the applications at this database for the security data.  As for web services, you could use the enterprise server, which uses HTTP for the database communication, or you could write your own web services to query the credentials and return a SFSUserBO object containing the user's data.  After that, you can use the MicroFour.StrataFrame.Secrutiy.LoggedInUser.SetLoggedInUser() method to set the current user within the application to the current user; however, the application would still need to be able to see the security data directly so that it could query the user's roles and privilages.

Is is possible to use role-base security for a set of winform applications by accessing login and credentials via a web service? Of for the moment are we limited to an app by app implementation?

Derrick