I have two sites: one web app, and one ADO.NET Data Services app. I want a user that's authenticated to the web app to authenticate with the same credentials as the ADO.NET Data Services app. What is the best way to implement this from a security perspective? Attached is an image of the architecture Iplan to implement. Thanks in advance, Dan. Edit: It is not difficult to securely call an ADO.net data service from a Windows client. In 3.5 there is a technology called Client Application Services http://msdn.microsoft.com/en-us/library/bb384339.aspxthat facilitates this. For some reason doing this from an ASP.net app as the client is not well documented. Post Edited (crowsol) : 1/2/2009 12:45:48 AM GMT