I hope I'm not asking too much...

I am developing a small control system as a VB .NET web app, which needs an elementary permission system.
Basically, I have a login page in which I verify whether a user has administrative or regular permissions. If a user has only regular permission he will be restricted from certain pages. Moreover, no user will be able to access any page just by typing a URL prior to a login process.
I have absolutely no idea how to maintain such feature through a session and I need some serious clues.
My database is MS Access 2000.

10x,

DNeeBrkr

Hai yaar,
Since i am new to dot net i can throw you few tips that i know to help u a bit. First thing is in each dotnet web project there is a web.config file which provides us a lot of functionalities.

Use the two tags calles Authentication and Authorization to prevent users from entering any url skipping the login page .I am giving an example here.

<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"
-->
<authentication mode="Forms">
<forms name=".CMTADMIN" loginUrl="logon.aspx" protection="All" timeout="60" />
</authentication>-->


<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
</authorization>


This will work out on any doubts feel free to contact me.