what is authentication and authorization

Design the login page

design code:
<form id="form1" runat="server">
    <asp:ScriptManager ID="sm" runat="server"></asp:ScriptManager>
    <div>
    <asp:UpdatePanel ID="up" runat="server">
    <ContentTemplate>
    <table align="center">
    <tr><td>UserID</td><td><asp:TextBox ID="tb" runat="server"></asp:TextBox></td></tr>
        <tr><td>Password</td><td><asp:TextBox ID="tb1" TextMode="Password" runat="server"></asp:TextBox></td></tr>
            <tr><td>&nbsp;</td><td><asp:Button ID="btn" runat="server" Text="Submit" Width="80"
                    onclick="btn_Click" />&nbsp;<asp:Button ID="Button1" runat="server" Text="Reset" Width="80" /></td></tr>
    </table>
    </ContentTemplate>
    </asp:UpdatePanel>
    </div>
    </form>
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Configuration;


public partial class Login : System.Web.UI.Page
{
    DataClassesDataContext o = new DataClassesDataContext(ConfigurationManager.ConnectionStrings["DatabaseConnectionString"].ToString());
    protected void Page_Load(object sender, EventArgs e)
    {
      
     

    }
    protected void btn_Click(object sender, EventArgs e)
    {
        bool a=false;
        var m = (from x in o.LOGINs where x.UNAME == tb.Text && x.PASSWORD == tb1.Text select x).ToList();
        if (m.Count() > 0)
        {
            Session["type"] = m.ToList()[0].ROLE.ToString();
                FormsAuthentication.RedirectFromLoginPage(m.ToList()[0].ROLE.ToString(), a); 
        }
    }
}
default page code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["type"].ToString() == "admin")
            Response.Redirect("~/admin/admin.aspx");
        else
            Response.Redirect("~/user/user.aspx");
    }
}

web.confic file code:

<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
    <connectionStrings>
        <add name="DatabaseConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
    </connectionStrings>
    <system.web>
        <compilation debug="true" targetFramework="4.0">
            <assemblies>
                <add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" defaultUrl="Default.aspx" protection="All" path="/" timeout="2880"></forms>
        </authentication>
    </system.web>
    <location path="admin">
        <system.web>
            <authorization>
                <allow users="admin"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
    <location path="user">
        <system.web>
            <authorization>
                <allow users="admin,user"/>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
</configuration>