Authentication Authorization ASP.Net Tutorial

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" 
    Inherits="Default" %>



    Please, log in


    
      
        
        
          
          
        
          
          
        
User ID
Password

        
        
          
      
    



File: Default.aspx.cs
using System;
using System.Data;
using System.Configuration;
using System.Web.Security;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        SetFocus("userName");
    }
    protected void LogonUser(object sender, EventArgs e)
    {
        string user = userName.Text;
        string pswd = passWord.Text;
        bool bAuthenticated = AuthenticateUser(user, pswd);
        if (bAuthenticated)
            FormsAuthentication.RedirectFromLoginPage(user, false);
        else
            errorMsg.Text = "Sorry, yours seems not to be a valid account.";
    }
    private bool AuthenticateUser(string username, string pswd)
    {
        string connString = ConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;
        string cmdText = "SELECT COUNT(*) FROM employees WHERE firstname=@user AND lastname=@pswd";
        int found = 0;
        using (SqlConnection conn = new SqlConnection(connString))
        {
            SqlCommand cmd = new SqlCommand(cmdText, conn);
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 10).Value = username;
            cmd.Parameters.Add("@pswd", SqlDbType.NVarChar, 20).Value = pswd;
            conn.Open();
            found = (int)cmd.ExecuteScalar();
            conn.Close();
        }
        return (found > 0);
    }
}