Application Role to connect to the SQL SERVER 2005

In a recent project, I meet a problem. I write a tool which would write information to the database when user use this tool. The database use the Windows Authentication, but not everyone has the permission to write the database. According to the Security Policy, we can not grant everyone the permission to write the database.If we use the SQL Server Authentication, we can specify one account in the connecting string. But we can not do it in current Windows Authentication. And we can also not modify the Authentication Model to the SQL Server Authentication.After some research, I found two method.

1. Make a web service as a middle layer, and call the web service in the tool. Web service would be a proxy to do the actual work. And the web service would use the System Account to do the work.
2. Using the Application Role, I think this one is easy. At first you add a Application Role in your database which you want to modify(You need assign a password for this Application Role, and do some modification. You can do it in SQL SERVER Management Studio, and save it as script for repeating work). And then grant the permission to the object you want to insert,select,update,delete. Then you can use it in your code, like C#,VB.NET.

EXEC sp_setapprole 'Application Role Name','Password'

Add this line before you call other command in your .NET code.