Please read one of the earlier articles on Forms Authentication for an introduction and to see the required settings in the web.config file. The code below is just a modification of the login.aspx page. 

<%@Page Language="VB" Trace="false"%>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Xml" %>
<script language="VB" runat=server>  
  Sub ValidateLogin(Src as Object, E as EventArgs) 
  Dim sXmlPath As String = "C:\Inetpub\wwwroot\users.xml"    
  Dim oXmlDoc As New XmlDocument()    
  Try      
    oXmlDoc.Load(sXmlPath)    
  Catch oError As Exception
     StatusMessage.innerHTML = "There was an error:<BR>" & oError.Message & "<BR>" _ 
       & oError.Source & "."      
     Exit Sub    
   End Try    
   Dim oXmlUser As XmlNodeList    
   oXmlUser = oXmlDoc.GetElementsByTagname(txtUser.Value)
   If Not (oXmlUser Is Nothing) Then
     If txtPwd.Value = oXmlUser(0).FirstChild().Value Then
        FormsAuthentication.RedirectFromLoginPage(txtUser.Value, false)
      Else
       StatusMessage.InnerHtml = "Invalid login"
     End If
    End If
  End Sub
</script>
<html>
<head>
  <title>Forms Authentication Against An XML File</title>
</head>
<body>
<form method="post" runat="server">
  Username: <INPUT type="text" name="txtUser" id="txtUser"runat="server"/><BR>
  Password: <INPUT type="password" name="txtPwd" id="txtPwd"runat="server"/><BR>
<INPUT type="submit" OnServerClick="ValidateLogin" runat="server"/>
</form>
<SPAN id="StatusMessage" runat="server"/>
</body>
</html>

Here is the XML file used to hold the usernames and passwords. 

<?xml version="1.0" ?><users>  <!-- format is <username>password</username> -->  
<user1>pass1</user1>  <user2>pass2</user2>  <user3>pass3</user3></users>
~Brad 

Brad Kingsley is founder and president of ORCS Web, Inc. - a company that provides managed hosting services for clients who develop and deploy their applications on Microsoft Windows platforms. 

<%@Page Language="VB" Trace="false"%>