If I understand your question correctly, you're asking whether it's good to implement a CRUD API with a service bus, with the possibility that fairly large amounts of data must be transferred, and including the ability to determine whether some user's credentials can be authenticated.
I don't think I would ever do that - it sounds to me like you're better off using a synchronous API that is good at transferring data ("synchronous" in the sense that all operations have a 1:1 request/response correlation, even though your client library may still have an asynchronous way of making synchronous calls - it might even provide the ability to do efficient async
/await
).
Another question is whether you're actually better off ditching remoting alltogether, providing the ability for your web application to perform the CRUD operations directly against your database. You can still make your application decoupled by hiding your implementation behind an interface.
If you're worried about temporal decoupling, I'd say you lost the temporal decoupling already when you decided to expose an API with a return type different from void
;)
Does that make sense?