>Hi Viv and thanks, as I said to John the more I look at this project the more I think it should be a web app which would remove the need for cross platform I just need to find a way of restricting its use to a selected group maybe using RSA type keys or whatever the cool way is these days, as always I'm open to suggestions.

I would have suggested a web app but it's not really possible to get the 'slickness' of a native app and I thought you may have ruled it out for that reason.

The best approach to restricting access probably depends on (amongst other things) the number of likely users and how they would be added/removed from the list. One option for a small group is to use Windows authentication on IIS and restrict access to specific domain roles/users.

The last time I needed this type of security we required the user to request an account which triggered an email to admins with a link allowing them to approve the request and activate the account Also, by storing a token in html5 local storage, we allowed users to be permanently 'logged in' unless they specifically logged out (or their account was disabled by admin)