I have a login page where I have my own label and texboxes which take input username and password, and there is a function in which there is a SP which validates username and password stored in the database.

My code in Login.aspx.cs is such that I call that function and validates username and password and redirects to next page Page2.aspx.

Now I want my site to be authorized such that if a user tries to access internal pages he couldn't be able to do that.

I have code in my WEb.config for that is

<authentication mode="Forms">

			<forms cookieless="UseCookies" timeout="525600" />

			<deny users="?" />
			<allow users="*" />

and code in login.aspx.cs is

protected void btnLogin_Click(object sender, EventArgs e)
validateUser = validateUser.ValidateUser(txtUserName.Text, hashedPassword);

if (Page.IsValid)
				if (validateUser != null)


					lblErrorMessage.Text = "Invalid User";

Now when I try to run internal pages without login it automatically redirects to login page which is fine but when I put valid username and password in the login page it redirects with some "ReturnUrl" and not able to redirect to the Page2.aspx page.This is my problem.
Can anybody tell me where I am doing wrong or need to change the code somewhere?
Thanks in advance,

Yes, your problem is that you are over complicating the problem.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.