Login Security ASP.Net

<%@ Page Language="VB" %>

    Protected Sub Button1_Click(ByVal sender As Object, _
      ByVal e As System.EventArgs)
        If FormsAuthentication.Authenticate(TextBox1.Text, TextBox2.Text) Then
            FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, True)
        Else
            Response.Write("Invalid credentials")
        End If
    End Sub



    Login Page


    
    

        Username
        
        
        Password
                 TextMode="Password">
        
                 Text="Submit" />
    

    


File: web.config