I have created a simple ASP.NET calculator in a ASPX page (which exists
in C:\Inetpub\wwwroot\ASPX folder). Before allowing a user to access
this calculator, I want to first find out whether the user is valid or
not. For the sake of brevity, assume that only the user whose UserID is
"simon" (without the quotes) & whose password is "nomis" (again,
without the quotes) will be allowed to access the calculator. So if a
user directly types the URL

http://myserver/ASPX/Calculator.aspx

in the IE address bar, the app will first check whether an
authentication cookie exists or not. I want to do this checking using
the web.config file which looks like this (note that web.config also
exists in the C:\Inetpub\wwwroot\ASPX folder):

<configuration>
   <system.web>
       <authentication mode="Forms">
           <forms name="AuthenticateUser"
loginUrl="ValidateUser.aspx">
               <credentials passwordFormat="Clear">
                   <user name="simon" password="nomis"/>
               </credentials>
           </forms>
       </authentication>
   </system.web>
</configuration>

This is the code in Calculator.aspx (which uses a user control & a
code-behind form; neither of them have been reproduced here):

<%@ Register TagPrefix="CBUC" TagName="Calculator"
Src="Calculator.ascx" %>
<script runat="server">
   Sub Page_Load(obj As Object, ea As EventArgs)
       If Not (IsNothing(Request.Cookies("AuthenticateUser"))) Then
           calci.Visible = True
       Else
           calci.Visible = False
       End If
   End Sub
</script>
<form runat="server">
<CBUC:Calculator ID="calci" runat="server"/>
</form>

When a user comes to Calculator.aspx for the very first time (by typing
the URL in the address bar), it's pretty obvious that the cookie named
"AuthenticateUser" doesn't exist. So under such circumstances,
shouldn't the user be directed to the "ValidateUser.aspx" page which is
set as the "loginUrl" attribute in the "forms" tag under the
"authentication" element in the web.config file?

Thanks,

Arpan