So I have inherited this project and it has around 20 forms, hundreds of controls, and many tens of thousands of lines of code. I've been working on it for a while and now my boss is requesting the addition of user accounts.
Basically, there would be different levels like User, Supervisor, and Administrator. When you start the application you would have to log in and it would check your login credentials against some database of sorts and determine what kind of permissions you hold.
User would have all the controls disabled on the main form except for the Go button (good way to do this?). Supervisor would have everything enabled and could make user accounts (just on some form). Administrator is identical to the Supervisor but can also back up the user accounts.
Now my problem is I'm not exactly sure how to implement this. I cannot query an online service or database because the program has to be usable without an internet connection. The problem with having an external file on the computer is that someone can edit it or delete it.
My idea was to store the user accounts in the Settings class in the application but even that stores an external configuration file. I think I'd need it to be able to be stored in the executable but also be saved and imported as a file.
Obviously the password would have to be hashed as well in this file. Does anyone know any good and easy to use classes (preferably one that doesn't have restrictions on use because this application will be commercially sold)? Should the usernames be hashed too? Because if someone gets a hold of the file they shouldn't know all the user names either because it could make it easier to guess passwords.
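A minimal account record with a salted PBKDF2 password hash, a constant-time check and an HMAC seal for the exported file, added here as an example (not code from the question or from the guide linked in the answer); it assumes a .NET 3.5 or later Windows Forms application and the hypothetical names LocalAccount, PasswordStore and Role:

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper, not code from the question or the linked guide.
public enum Role { User, Supervisor, Administrator }

public sealed class LocalAccount
{
    public string UserName;      // stored in clear; the per-user salt is what slows offline guessing
    public Role Role;
    public int Iterations;       // kept per record so the cost can be raised for new accounts later
    public string Salt, Hash;    // Base64; Hash is PBKDF2 output, the password itself is never written
}
public static class PasswordStore
{
    const int SaltBytes = 16, HashBytes = 32, DefaultIterations = 100000;
    // Builds a record for the account file with a fresh random salt.
    public static LocalAccount Create(string user, string password, Role role)
    {
        byte[] salt = new byte[SaltBytes];
        RandomNumberGenerator.Create().GetBytes(salt);
        return new LocalAccount
        {
            UserName = user, Role = role, Iterations = DefaultIterations,
            Salt = Convert.ToBase64String(salt),
            Hash = Convert.ToBase64String(Derive(password, salt, DefaultIterations))
        };
    }
    // Re-derives the hash and compares every byte, so timing does not reveal where a guess diverged.
    public static bool Verify(LocalAccount acct, string password)
    {
        byte[] expected = Convert.FromBase64String(acct.Hash);
        byte[] actual = Derive(password, Convert.FromBase64String(acct.Salt), acct.Iterations);
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }
    // PBKDF2 (HMAC-SHA1) from the framework; Rfc2898DeriveBytes has shipped since .NET 2.0.
    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        return new Rfc2898DeriveBytes(password, salt, iterations).GetBytes(HashBytes);
    }
    // HMAC over the exported file's contents: detects casual editing, not someone who extracts the shipped key.
    public static string Seal(string fileBody, byte[] key)
    {
        return Convert.ToBase64String(new HMACSHA256(key).ComputeHash(Encoding.UTF8.GetBytes(fileBody)));
    }
}
```

Verify the seal before parsing the file and refuse to load it on mismatch; a key embedded in the executable only raises the bar against editing, so the hashed passwords still have to stand on their own.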
Your boss is requesting a major shift in your application.
Without knowing all of your requirements I can't really push you in one direction or another. Check out the Smart Client Architecture and Design Guide (also available in PDF), it should help you understand the scope of what you're trying to accomplish as well as identify some design/architecture patterns you're going to need to consider.
Chapter 5 deals with security considerations and describes different authentication models. This should at the very least give you a good starting point.