Attached to this post is the CAS sample I've been presenting on NTK2007, translated to English. Here's couple of notes about setting it up and taking it further:
1. The ("Orcas") solution contains two projects: ClientServices is a web project, serving CAS to the Windows Forms Client (ClientApplication).
2. ClientServices web project doesn't include the Membership database, you'll have to create your own [Visual Studio can create one for you automatically]. With the provided Configuration web tool, set up as many users as you like and create at least two roles: Administrator and PowerUser. Don't forget to switch to Forms authentication.
3. With ClientServices web project set up, configure ClientApplication to use the service. There's a new configuration tab called Services in ClientApplication properties pages. Point all the addresses to the address ClientServices is listening on.
This should get you going... A couple of things to note:
1. Checking the "Remember me" checkbox on the Login dialog acts the same as you'd expect from a web application - the application will automatically log you in on the next run. Log out button will clear this state and force you to enter your credentials manually again.
2. When a user, logging in, is in "Administrator" role, main form's title will reflect that:
Similarly, when a user, not in PowerUser role, clicks the "Say Hello" button, she will get a "No permission" message. This example is showing off declarative code access security.
By default, roles are set up to be cached for 1 day, which means that adding or removing a user from particular role won't have immediate effect on how application handles this role. To change this setting, click on the "Advanced" button on Service's tab:
... just be careful - setting the Role service cache timeout to 0 means that your application will call the service each and every time it needs to check whether current user is in specific role, either demanded imperatively or declaratively.
3. When you declare new profile properties in your profile service, you'll be able to use those as your application properties; just select Load Web Settings on the Settings tab to get them to your client application.
The fun part is that you can bind these properties to your user controls as you were used to with VS2005 applications, except that settings won't be read/written to your local configuration files, but rather to your remote, centralized profile/settings store.
As you can see from the enclosed sample, there's very little code that had to be written for all this to work.
Download the sample code.
Also see some of my previous posts on CAS:
c34db48f-a9c7-4fa6-8ba3-34c1b57e215d|0|.0|27604f05-86ad-47ef-9e05-950bb762570c