One simple way of using Windows security is to specify "integrated security=SSPI" in the connection string (i.e. "server=(local);integrated security=SSPI;database=mydatabase" when connecting to your SQL database--but this has nothing to do with logging into your application. This also does not offer any immediate logging you may want.

I would employ both secure connection, as above, and user file with password. Encrypt the password too in the file too. I hope this was helpful and good luck.