Am I correct in assuming that the workstation restriction wouldn't really work in a terminal server environment?

Also... let me know if this is possible... We use terminal server instead of deploying our apps to individual computers. This way the front end and the database are on separate computers in the same location so we dont worry about performance over the WAN.

If we were to use Role-Based Security is there a way that we could log the user in automatically based on the user name they used to log into terminal server? This isnt a big deal but this would require that the user log in three times to get to the app, once on their computer, once to the terminal server, and again at the app. I realize that because of the way we're structured this isnt your fault i was just wondering if its possible.

No, this would not work on a Terminal Server since the machine name is the same.  In this case, just apply a restriction set to a user.

Sure.  You would just handle the login yourself instead of going through a login form.  For example, you can login like you would for a web environment by calling the AuthenticateUser() and SetLoggedInUser().  You can find more about this in the help documentation:

Defining Security within the Application -> Programmatic Access -> Login Class -> Methods

AWESOME! Thanks.

Sure

By using the SetLoggedInUser method all it does is return a loginresult... how would I be able to tell if the password or username was incorrect?

The LoginResult will tell you whether the user successfully authenticated or not.  Also, if you just want to authenticate the user and you don't want to change the currently logged in user, you can use Login.AuthenticateUser().