As BGM has suggested, it might be better to use an the existing Users and Roles mechanism of ASP.NET to handle this. I guess you are .