如何使标准登录不相关的web.config

在我的项目中，我实现了login.
登录页。Aspx页面包含:

<asp:Login ID="MainLogin" runat="server" onloggingin="MainLogin_LoggingIn"></asp:Login>

服务器端:

protected void MainLogin_LoggingIn(object sender, LoginCancelEventArgs e)
{
    if (FormsAuthentication.Authenticate(MainLogin.UserName, MainLogin.Password))
    {
        FormsAuthentication.RedirectFromLoginPage(MainLogin.UserName, MainLogin.RememberMeSet);
        if (FormsAuthentication.Authenticate(MainLogin.UserName, MainLogin.Password))
        {
            SqlConnection myConnection = new SqlConnection(DBConnection.GetConnectionString());
            SqlCommand myCommand = new SqlCommand("SELECT * FROM Users WHERE login=@login and pass=@pass", myConnection);
            myCommand.Parameters.AddWithValue("login", MainLogin.UserName);
            myCommand.Parameters.AddWithValue("pass", MainLogin.Password);
            myCommand.Connection.Open();
            SqlDataReader Reader = myCommand.ExecuteReader();
            while (Reader.Read())
            {
                Session["curUserRole"] = Reader["role"].ToString();
                Session["curUserLogin"] = MainLogin.UserName;
                Server.Transfer(Request.Url.LocalPath);
                FormsAuthentication.RedirectFromLoginPage(MainLogin.UserName, MainLogin.RememberMeSet);
                return;
            }
            //Reader.Close();
            //myCommand.Connection.Close();
            //myConnection.Close();                    
        }
        else { 
        }        
    }

变量写入到会话变量中。在网络。config I have:

<authentication mode="Forms">
      <forms loginUrl="Login.aspx">
        <credentials passwordFormat="Clear">
          <user name="Admin" password="sa" />
        </credentials>        
      </forms>
    </authentication>
    <authorization>
      <allow roles="Admin"/>
      <deny users="?"/>
    </authorization>

所以我输入login -"Admin"和pass -"sa"，然后它检查到web。配置，如果找到项目用户，它在数据库中检查这个项目，我只需要在数据库中检查项目，如果有一个加载启动页面，否则再次加载Login.aspx。