Found a working solution on the net if your intrested Fuman...
http://www.xoc.net/works/tips/forms-authentication.aspi altered it slightly on my version to use a control that calls stored procedures and outputs the results back to me instead of the plain text info stored in web.config
Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) As Boolean
Return true if the username and password is valid, false if it isnt
Dim sHashedPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword, "MD5")
Dim loginOk As Boolean = dbOperations.CheckLogin(strUsername, sHashedPassword)
Return loginOk
End Function
Private Function AssignRoles(ByVal strUsername As String) As String
Return a | separated list of roles this user is a member of
Return dbOperations.AssignUserRoles(strUsername)
End Function
other than that its the same as in the example.
if you need to protect aspx pages, put them in a subfolder from the root of the site and put a web.config file in the directory with this in :
the magic code is in the Global.asax file that controls the session data
its also roles based so you can hide important buttons like delete record from an unprivlaged but logged in user by hiding the button if the roles dont match.
should get you running