Instead of writing your own code for checking if a user has access to a page just use the formauthentication that is available to u :)

web.config (mind the ‘ )

<'authentication mode="Forms">
<'forms name="appNameAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30">
<'credentials passwordFormat="Clear">
<'user name="user" password="password" />
<'/credentials>
<'/forms>
<'/authentication>

login.aspx

<%@Import Namespace="System.Web.Security" %>
‘Sub ProcessLogin(objSender As Object, objArgs As EventArgs)

If FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) Then
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, chkPersistLogin.Checked)
Else
ErrorMessage.InnerHtml = “Something went wrong… please re-enter your credentials…”
End If

End Sub

Page.aspx

<%@Import Namespace="System.Web.Security" %>
Sub SignOut(objSender As Object, objArgs As EventArgs)
‘delete the users auth cookie and sign out
FormsAuthentication.SignOut()
‘redirect the user to their referring page
Response.Redirect(Request.UrlReferrer.ToString())
End Sub
Sub Page_Load()
‘verify authentication
If User.Identity.IsAuthenticated Then
‘display Credential information
displayCredentials.InnerHtml = “Current User : ” & User.Identity.Name & “” & _

Authentication Used : ” & User.Identity.AuthenticationType & “
Else
‘Display Error Message
displayCredentials.InnerHtml = “Sorry, you have not been authenticated.”
End If
End Sub