Ok so we have ...

1. Multiple pages in a single xap file
2. Single page in a single xap file
3. Multiple xap files

I need windows authentication with a login (didnt get approved to do integrated seemless logins :(), the appearance of or actual multi page experience.

So which or is there something more that we can add that would make a multiple page or multipage simulation most secure?

Thanks

After researching,... I went with a single xap file with mutiple pages.
Calling WCF services to do the authentication from within SL.

If the user logs in and authenticates sucessfully then its stored in an object in memory for when we make other WCF calls which also require the user to be authenticated. All this in an intranet environment under terminal services running ssl on iis on a second server. Cross domain scripting to allow the communication between servers. You can cal the authentication methods within WCF unless its over https.

Multiple xap file approach has its downside as a user can script their own page and paste in the SL object tag code to try to load the control without logging in.