I'm going to decide an applcation that i want
"The client should pass username and password to login before calling other objects"

How can I implement an user authorization object ?? and pass the interface pointer of another object back to the client ??
How can i disable the client from creating the objects directly without authorization going through the authorization object ??

Besides, any samples of database application using COM i can find from the internet ???