Function ValidateUser(ByVal userName As String, ByVal passWord As String) As Boolean

        Dim conn As SqlConnection
        Dim cmd As SqlCommand
        Dim lookupPassword As String

        Session("Username") = userName & " Hello"
        lookupPassword = Nothing

        'CHECK FOR A INVALID USERNAME
        If ((userName Is Nothing)) Then
            System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName Failed.")
            Return False
        End If

        'Check for invalid password
        If (passWord Is Nothing) Then
            System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.")
            Return False
        End If

        If ((passWord.Length = 0) Or (passWord.Length > 25)) Then
            System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of password failde.")
            Return False

        End If
        Try
            Dim strconn As String = "Data Source=.\SQLEXPRESS;AttachDbFilename='C:\Documents and Settings\Documenti\Visual Studio 2010\WebSites\APP_DATA\database.mdf';Integrated Security=True;User Instance=True"
            conn = New SqlConnection(strconn)
            conn.Open()
            ' cmd = New SqlCommand("Select pwd from Users where uname=@userName", conn)
            cmd = New SqlCommand("SELECT password FROM utenti where Username=@userName", conn)
            cmd.Parameters.Add("@userName", SqlDbType.VarChar, 25)
            cmd.Parameters("@userName").Value = userName
            lookupPassword = cmd.ExecuteScalar
            cmd.Dispose()
            conn.Dispose()
        Catch ex As Exception
            System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception" & ex.Message)
        End Try

        'if no password found
        If (lookupPassword Is Nothing) Then
            Return False
        End If

        Return (String.Compare(Trim(lookupPassword), passWord, False) = 0)
    End Function