>Thanks Bonnie,
>
>>>I have taken on a C# contract. The users are mostly remote, so it makes sense to access the data via a WS.
>>>I'm unsure as how to design it.
>>>
>>>1) Do I create properties on this for the Connection String, UserName, Password, ect...
>>
>>Connection information would normally be stored in the web.config file in the Web Service virtual directory.
>
>What's the syntax for accessing information stored in a web.config file?
>
>
>>
>>>2) Do I create a genralized method that takes a query and runs it against the data, or should I create a method
>>> for each query I need to do?
>>
>>Break it up more than that. IMHO, a Web Service should do no more than pass on the request to a Business layer (which would then pass it on to a DataAccess layer). These all, obviously, live server-side. You will want a Web Service method for every kind of call you would normally make to the backend. You can even break it up into multiple Web Services by functionality (IOW, we have a MyApp.Personnel.asmx and a MyApp.Incidents.asmx, etc.etc.)
>
>So if I need to return a Customer record, then the WS would have a GetCustomer method, which would call GetCustomer
>on a Customer class, which is then passing the request to a data access layer?
>
>
>>>3) How do I handle security?
>>
>>https? or was that not what you meant?
>>
>
>I'm not sure what I mean. I guess I'm wondering what's stopping anyone at all from accessing the data through
>the WS. Do I handle security in the DB? Or is there another approach?

Who do you want to allow data access to (i.e. what's would be the criteria for authorisation)?
Regards,
Viv