Simple login page not identifying authenticated user correctly

Hi,

I have a simple login page that I'm trying to redirect the user on login if their password is greater than 90 days old or if their password needs to be reset.  In other functions, I add "Force PW Reset" in the Comment field of the membership table so that if this value is found then the user must reset their password.

The problem is that .Net is saying that when I try to identify the user, that the object is not set to an instance of an object.  I've tried using the code onAuthenticate, onLoggingIn, onLoggedIn, and on a button click function.

here is the code that I'm using

<%@ Page Title="Log in" Language="C#" MasterPageFile="~/Site.Master" AutoEventWireup="true" %>
<%@ MasterType VirtualPath='~/site.master' %>

<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Collections.Generic" %>
<%@ Import Namespace="System.Linq" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.UI" %>
<%@ Import Namespace="System.Web.UI.WebControls" %>

<%@ Import Namespace="System.IO" %>

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Net" %>
<script runat='server'>
    public void Page_Load(object sender, EventArgs e)
    {
        this.Form.Action = "users\\login.aspx";
    }

    protected void Login1_LoggedIn(object sender, EventArgs e)
    {

        //string username1 = Username;
        
       // Response.Redirect("~/default.aspx");
        
        // Create current membership user object
        TextBox tb = (TextBox)login1.FindControl("UserName");
        MembershipUser user = Membership.GetUser(tb.ToString());
        //MembershipUser user = Membership.GetUser(Context.User.Identity.Name);
        //MembershipUser user = Membership.GetUser(User.Identity.Name);


        
        // If user object is null then redirect on login page
        if (user == null)
        {
           Response.Redirect("~/users/login.aspx?type=invalid");
        }
        
        
        
        // Check last change date + 90 days is less then today's date
        if (user.Comment == "Force PW Change")
        {
            //query string is used to identify if user's password is
            // expired or he came on this page to change his password anyway
            Response.Redirect("~/users/manage.aspx?type=reset");
        }
        // Check last change date + 90 days is less then today's date

        DateTime today = DateTime.Now;
        DateTime answer = user.LastPasswordChangedDate.AddDays(90);
        DateTime test =     user.LastPasswordChangedDate.AddDays(90);
        
        if (answer > today)
        {
            //query string is used to identify if user's password is
            // expired or he came on this page to change his password anyway
            Response.Redirect("~/users/manage.aspx?type=expired");
        }
        else
        {

            
            if (Request.QueryString["ReturnUrl"] != null)
            {
                FormsAuthentication.RedirectFromLoginPage(user.UserName, false);
            }
            else
            {
                Response.Redirect("~/default.aspx?type=none");
            }
                
        }*/

    }


    protected void Login_Click(object sender, System.EventArgs e)
    {

        TextBox tb = (TextBox)login1.FindControl("UserName");
        MembershipUser user = Membership.GetUser(tb.ToString());
        //MembershipUser user = Membership.GetUser(Context.User.Identity.Name);
        //MembershipUser user = Membership.GetUser(User.Identity.Name);


        tester.Text = "tb value = " + tb.ToString();
        
        // If user object is null then redirect on login page
        if (user == null)
        {
            Response.Redirect("~/users/login.aspx?type=invalid");
        }



        // Check last change date + 90 days is less then today's date
        if (user.Comment == "Force PW Change")
        {
            //query string is used to identify if user's password is
            // expired or he came on this page to change his password anyway
            Response.Redirect("~/users/manage.aspx?type=reset");
        }
        // Check last change date + 90 days is less then today's date

        DateTime today = DateTime.Now;
        DateTime answer = user.LastPasswordChangedDate.AddDays(90);
        DateTime test = user.LastPasswordChangedDate.AddDays(90);

        if (answer > today)
        {
            //query string is used to identify if user's password is
            // expired or he came on this page to change his password anyway
            Response.Redirect("~/users/manage.aspx?type=expired");
        }
        else
        {


            if (Request.QueryString["ReturnUrl"] != null)
            {
                Response.Redirect("~/default.aspx?type=something");
            }
            else
            {
                Response.Redirect("~/default.aspx?type=none");
            }

        }
    }

    
</script>

<asp:Content runat="server" ID="BodyContent" ContentPlaceHolderID="MainContent">
    
                    
        <asp:label id='tester' runat='server'/>

    <section id="loginForm">
        <asp:Login id="login1" runat="server" ViewStateMode="Disabled" RenderOuterTable="false"  OnLoggedIn="Login1_LoggedIn">
            <LayoutTemplate>
                <p class="validation-summary-errors">
                    <asp:Literal runat="server" ID="FailureText" />
                </p>

                
                    <table class="cssdetailsview" cellspacing="0" rules="all" ItemStyle-CssClass="item" border="1" style="border-collapse:collapse;">

                     <tr class="header">
                            <td colspan="2">Log in Form</td>
                    </tr>

                    
                    <tr class="altrow">
			        <td class="fieldheader">User name:
                    </td>
                    <td><asp:TextBox runat="server" ID="UserName" />
                            <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="UserName" CssClass="field-validation-error" ErrorMessage="The user name field is required." />
                    </td>
                    </tr>
                    <tr>
			        <td class="fieldheader">Password:
                    </td>
                    <td><asp:TextBox runat="server" ID="Password" TextMode="Password" />
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="Password" CssClass="field-validation-error" ErrorMessage="The password field is required." />
                        
                    </td>
                    </tr>
                    
                    <tr class="altrow">
			        <td class="fieldheader">Remember me:
                    </td>
                    <td><asp:CheckBox runat="server" ID="RememberMe" />
                    </td>
                    </tr>
                    <tr>
			        <td style='border-right:none !Important;'>
                    </td>
                    <td style='border-left:none !Important;'><asp:Button ID="Login" runat="server" CommandName="Login" Text="Log in" /><br /><br /><a href="users\register.aspx" title="Register">Register</a> if you don't have an account.
                    </td>
                    </tr>
                </table>

            </LayoutTemplate>
        </asp:Login>
    </section>

</asp:Content>

Select allOpen in new window

I'm sure that I don't need both the loggedIn and the login_click function, I'm just not getting anywhere on this one.