okay so having said that - your assistance in "lets begin" would be appreciated....

if i leave the database open with a larger surface area for things to get out of hand (deletions/unauthorized edits/ etc), that's okay at the moment because the app itself really restricts database access and displays info more than it allows changes - i have roles already in the winforms app that range from guest thru admin - of which at the momemt I am the only admin for those exact reasons) but i would of course love to be able to lock it down later after proof of concept has been achieved.

the idea of common code between both apps is HIGHLY appealing by the way, but can that also be added later? again, after proof of concept?

if i can register a domain name (i have), create a new asp.net project in visual studio 2010, slap username and password fields on it and a 'login' button and when you click that button, it checks my existing login table for those credentials and if successful redirects to a page that states "congratulations, you logged in", and that's it..... that would be success for me because now everybody can still use the winforms app and i can begin the learning curve in which i can hit you guys up with a million questions :-) while still allowing the winforms app to log in and function normally

then publish that simple little page to the domain, set up IIS to allow authentication to the database on the second server and voila, baby step number 1 has been taken and is the first one in to the larger world of asp or silverlight, or any of the many other technologies.....while everybody continues to work in the winforms app none the wiser that their application is now slowly being turned to the web while i start learning......

or am i being too ambitious at this point?