I am really just trying to confirm my understanding here. I want to restrict access to a service to specific roles in Server Manager. I then want to embed that service in a web application. If I do that, will users be prompted to provide a username and password automatically when they try to load that page or will I need to build a mechanism for them to provide it?