ASP.NET 登录验证

Web.Config:

　　　　<system.web>
   　　　　 <authorization>
      　　　　　　<deny users="?"/>
   　　　　 </authorization>

　　　　　　<authentication mode="Forms">
      　　　　　　　　<forms loginUrl="Login.aspx" timeout="2880" defaultUrl="Default.aspx" />

   　　　　　　 </authentication>

   　　　　</system.web>

Login.aspx.cs

protected void btnLogin_Click(object sender, EventArgs e)
        {

            string userName = txtUserName.Text;
            string userPwd = txtUserPwd.Text;

            UserInfo userObj = userOper.CheckLogin(userName, userPwd);
            if (userObj == null)
                Response.Write("<script>alert('用户名或密码错误!');</script>");
            else
            {
                Session["UserInfo"] = userObj;
               
                FormsAuthentication.SetAuthCookie(userObj.UserName, false);
                Response.Cookies.Add(new HttpCookie("UserName", userObj.UserName));
                Response.Redirect(FormsAuthentication.DefaultUrl);
            }
        }