Application roles have been around forever, but have you really ever implemented them in SQL Server? For that matter, do you really know what they are and how to use them? Here's a quick look.
Before we begin, though, let's look at how application security can be implemented in SQL Server. There's debate over which model is better and I am not endorsing any specific one. Regardless of whether you use SQL Server Logins or Windows Authentication, you still have to decide whether an application uses a single login to access SQL Server (and all appropriate database objects), or allow users to have their own login.