After researching,... I went with a single xap file with mutiple pages.
Calling WCF services to do the authentication from within SL.
If the user logs in and authenticates sucessfully then its stored in an object in memory for when we make other WCF calls which also require the user to be authenticated. All this in an intranet environment under terminal services running ssl on iis on a second server. Cross domain scripting to allow the communication between servers. You can cal the authentication methods within WCF unless its over https.
Multiple xap file approach has its downside as a user can script their own page and paste in the SL object tag code to try to load the control without logging in.
VB/Office Guru™ (AKA: Gangsta Yoda™ ®)
I dont answer coding questions via PM. Please post a thread in the appropriate forum.