I have a weird problem: I have a Windows Forms app that's ready to roll. It needs to have users and roles to ensure the right person accesses the right functionality.

My boss wants me to use the Active Directory to provide the app with the users and their roles and access rights for the app's features.

My problem is how do I map the user's access rights to the app features?

With a web app it's fairly easy because you can assign/revoke access rights to different folders and the job is done. However in a Windows app which will be deployed to each user's desktop, how the heck do I control the features?

.