Being the first one to implement a .NET-based architecture at our department of Observer, I'm facing all sorts of issues that I didn't know and/or didn't care about a few weeks ago.. One such thing that I found today is that there are two, pretty much completely different, role-based security models that you can use whan developing a .NET application; COM+ role-based security or "standard" role-based security.

Luckily, we already use COM+ role-based security for our old VB6 apps, so the choice for me was rather easy.. Anyway, if you're interested, I found this rather interesting article that summarizes the two different models, and suggests a way of combining them:
Security: Unify the Role-Based Security Models for Enterprise and Application Domains with .NET -- MSDN Magazine, May 2002