login redirect doesn't work

From: gorden blom (gordenblom_at_hotmail.com)
Date: 10/07/03 

Date: 7 Oct 2003 03:20:31 -0700

Hello,

I'm working on a asp.net/C# project, but I haven't got a lot of
experience with programming with C# and the dotnet framework. I've
build a login screen at witch users can login. All goes fine until I
try to redirect the user to the protected pages. Can anyone help me?
The code is as followed:

using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;
using Microsoft.ApplicationBlocks.Data;

public class login : System.Web.UI.UserControl {

public System.Web.UI.WebControls.TextBox txtUsername;
public System.Web.UI.WebControls.TextBox txtPassword;
public System.Web.UI.WebControls.Button btnLogin;
public System.Web.UI.WebControls.Label lblOutput;

#region Web Form Designer generated code
        override protected void OnInit(EventArgs e) {
                InitializeComponent();
                base.OnInit(e);
        }

        private void InitializeComponent() {
                this.btnLogin.Click += new
System.EventHandler(this.btnLogin_OnClick);
        }
#endregion

public void btnLogin_OnClick(object sender, System.EventArgs e) {

    lblOutput.Text = "";

    SqlConnection sqlCon = new
SqlConnection(ConfigurationSettings.AppSettings.Get("DBconString"));

    if(txtUsername.Text != ""){

        if(txtPassword.Text != ""){

            try {

                sqlCon.Open ();

                string strSql = ("select count (*) from login where
username = '"+ txtUsername.Text +"' and password = '" +
txtPassword.Text +"'") ;

                SqlCommand command = new SqlCommand(strSql, sqlCon);

                int count = (int) command.ExecuteScalar ();

                if (count > 0) {
                    string strSqlGetRole = ("select role from login
where username = '"+ txtUsername.Text +"' and password = '" +
txtPassword.Text +"'");
                    SqlCommand commandGetRole = new
SqlCommand(strSqlGetRole, sqlCon);
                    string strRole = (string)
commandGetRole.ExecuteScalar();
                    FormsAuthentication.SetAuthCookie
(txtUsername.Text, true);
                    Response.Redirect("ProtectedPage.aspx");
                }
                else {
                    lblOutput.Text = "login failed!!";
                }
            }

            catch (SqlException ex) {
                Console.WriteLine("Error: {0}", ex.Errors[0].Message);
            }

            finally {
                sqlCon.Close ();
                }
            }
            else {
                lblOutput.Text = "Enter Password";
            }
        }
        else {
            lblOutput.Text = "Enter Username";
        }
    }

}

The web.config file is like this:

<configuration>
         <appSettings>
            <add key="DBconString" value="server='(local)';
trusted_connection=true; database='ATD_db'"/>
         </appSettings>
  <system.web>
    <authentication mode="Forms">
      <forms name="AuthCookie" loginUrl="logincontrol.aspx"
protection="None" timeout="30" path="\"></forms>
    </authentication>
           <authorization>
               <deny users="?"></deny>
       </authorization>
    </system.web>
</configuration>

Can anyone help me?