Howdy. I&#039;m rebuilding a timesheet application using Com+. Some of the components in the middle tier will be accessed via both Soap (internet) and a VB app (LAN). The original app was used ASP 3.0 and was intranet only.<BR><BR>My question is to do with the methods in the middle tier.<BR>Originally if a contractor wanted to generate a timesheet report for him/herself the method used would be:<BR>GenerateReport(startDate, endDate, ContractorID) which returns a recordset.<BR><BR>This should still be fine for thick clients on the LAN, but SOAP clients on the internet how do they know their ContractorID (which is a database table PK)? Should it be:<BR>GenerateReport(startDate, endDate, UserID, Password) ? - verifying the user each time?<BR><BR>Also, I&#039;m using the Soap Toolkit to generate the WSDL - it doesnt like Com+ components which return recordsets, but it can handle an XML string.<BR><BR>What do I do? Should I double up on all methods which are accessed by soap and the thick client, such as:<BR><BR>GenerateReportXML(startDate, endDate, UserID, Password)<BR>GenerateReportADO(startDate, endDate, ContractorID)<BR><BR>I hope I&#039;ve explained my problem well enough. Any advice is much appreciated. If you&#039;ve had a similar dilemma please let me know the outcome. If you know of any articles on the net which cover this topic please advise.<BR><BR>Cheers<BR><BR>Michael Samuelle.