I can't give you the solution. You're a final year student so you should be able to figure it out. It is really pretty easy. I'll instead describe a class that I wrote as a general SQL validator. My process used MD5 encryption for the password, but if you replace the MD5 encryption with your biometric data the process is the same.
First, let me emphasize that no method of security is foolproof. When you're talking about some kind of communication between applications, such as might exist between an ASP.NET application and an SQL database, the communication medium becomes the weak point. So my method uses SQL stored procedures to create, update and validate user data.
The process is fairly straightforward. Create a class to handle the communication between the application and the SQL database. The class takes the user information, encrypts the password and sends it to an SQL SP that creates the user entry. Now, whenever a user logs on, the class is called to validate the login information. The validation method encrypts the password, and an SQL SP is called to match the username and encrypted password with the username and encrypted password as stored in the database. The SP returns a boolean value that, if true, means a successful validation. My validation method then creates a security principal which can be used by either ASP.NET or an application. Obviously, if the SP returns false, it returns a false value to the caller.
Make no bones about it, there will never be a 100% secure model. I think my method is highly secure, but I also know of a few weaknesses. Anyone with enough know-how to intercept the user data as it is flowing between the application and the SQL DB can simply feed it back to unlock the user data (that's just one method). I can think of a couple more ways to make the user data more secure, too.
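The create/validate flow described in the answer above, written out as an added example (not the poster's class, and not ASP.NET code): Python with an in-memory SQLite table stands in for the SQL server, two parameterized statements play the role of the create and validate stored procedures, and a salted PBKDF2 hash replaces the MD5 step. One consequence of using a per-user salt is that the validate step must fetch the stored salt first rather than only sending an app-computed hash to the database for a boolean match; all names below are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value)


def open_user_store() -> sqlite3.Connection:
    # Constructed in-memory store standing in for the SQL database.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, "
        "salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )
    return conn


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash in place of the unsalted MD5 the post describes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(conn: sqlite3.Connection, username: str, password: str) -> None:
    # Role of the "create user" stored procedure: store salt + hash, never the password.
    salt = secrets.token_bytes(16)
    conn.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )
    conn.commit()


def validate_login(conn: sqlite3.Connection, username: str, password: str):
    """Return a security-principal dict on success, None on failure."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Hash anyway so an unknown user costs the same time as a wrong password.
        hash_password(password, b"\x00" * 16)
        return None
    salt, stored = row
    candidate = hash_password(password, salt)
    # Constant-time comparison of the recomputed hash against the stored one.
    if not hmac.compare_digest(candidate, stored):
        return None
    return {"name": username, "authenticated": True, "roles": ["user"]}
```

The interception weakness the answer mentions is addressed at the transport layer (an encrypted connection between the application and the database), not by the hashing scheme itself.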
