VB Login form ASP.NET with membership or similar

Question

need some minor help with declaring a new array that could read the sql username of the user (if logged in) and store it for later use, either to use it for pages that only authorized users could see (with simple if commands) or lockdown the whole site with web.config authorization system that would allow roles only for admins.

My code is this

  Protected Sub btnSubmit_Click(sender As Object, e As System.EventArgs) Handles btnSubmit.Click
        If Page.IsValid Then

            ' check for username & password in the database
            Dim conn As New SqlConnection("Data Source=.;Initial Catalog=SoftCoD;User ID=sa;Password=fouf")

            ' Get the row corresponding the given username and password
            Dim strSQL As String = "Select * From users Where Name='" + txtUname.Text + "' and Password = '" + txtPassword.Text + "'"
            'I recommend not to use * in querys
            Dim dsc As New SqlClient.SqlCommand(strSQL, conn)
            conn.Open()
            Dim dr As SqlDataReader
            dr = dsc.ExecuteReader()

            If dr.HasRows = True Then
                dr.Read()
                *g_sUser=Name????MsgBox(g_sUser)*

                Response.Redirect("Default.aspx")
            Else
                Response.Redirect("login.aspx")
            End If
            conn.Close()
        End If
    End Sub

Answer 1

You can use any of the following method for holding the username for future use

• Session
• QueryString

Method 1 : Session

 dr = dsc.ExecuteReader()
 If dr.HasRows = True Then
   dr.Read()
   session("user")= g_sUser
   Response.Redirect("Default.aspx")
 Else
   Response.Redirect("login.aspx")
 End If

Method 2 : QueryString

 dr = dsc.ExecuteReader()
 If dr.HasRows = True Then
   dr.Read()
   Response.Redirect("Default.aspx?username=g_sUser")
 Else
   Response.Redirect("login.aspx")
 End If