Since there are still no answers to this question, and two years have already passed, I feel that at least there should be a follow-up.
Authenticating an application using your voice is a very complicated and complicated issue. Each case will probably require a serious set-up, and as of right now, I believe that there is no ready-made working solution for this. The subject of speech recognition / speaker is still an academic subject.
You can use HTK or Sphinx to create your own authentication tool. This is entirely possible, although quite complicated and still prone to false positives and / or deviations.
Regarding authentication on the Internet, this adds some technical difficulties, which, however, can be overcome. You need to somehow get the sample, either using the java or flash applet (something that the microphone can get anyway), and then send it for analysis (it can happen in the same applet), and then transfer the results to your web application.
For anyone who is still thinking about a problem: I would suggest creating an sphinx-4 Java applet for authentication. This is possible, although costly and requires some advanced knowledge.