Write ASP.NET program for User Login

CREATE PROCEDURE [dbo].[Validate_User]
      @Username VARCHAR(20),
      @Password VARCHAR(20),
              @Msg varchar(200) out
AS
set @Msg = ''

SET NOCOUNT ON

IF EXISTS(SELECT * FROM UserLogIn WHERE username = @username AND password = @password)
   set @Msg = 'Valid password'
ELSE
   set @Msg = 'Invalid username or password'

Login.aspx

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
         <title>LogIn Page</title>
    </head>
   <body>
           <%@ Import Namespace="System.Data.SqlClient" %>
           <%@ Import Namespace="System.Data" %>
           <%@ Import Namespace="System" %>
           <%@ Import Namespace=" System.Configuration" %>

          <script language="VB" runat="server">

            Protected Sub ValidateUser(sender As Object, e As EventArgs)
                Using oConn As New SqlConnection

                     Dim cmd As New SqlCommand
                     Dim pIn As New SqlParameter
                     Dim pOut As New SqlParameter
                     oConn.ConnectionString = ConfigurationSettings.AppSettings("ConnectionString")
                     oConn.Open()

                     cmd = New SqlCommand("Validate_User", oConn)
                     cmd.CommandType = CommandType.StoredProcedure
                     pIn = cmd.Parameters.Add("@Username", SqlDbType.VarChar, 20)
                     pIn.Value = txtUserid.Text
                     pIn = cmd.Parameters.Add("@Password", SqlDbType.VarChar, 20)
                     pIn.Value = txtPwd.Text

                     Dim Msg As New SqlParameter("@Msg", SqlDbType.VarChar, 200)
                     Msg.Direction = ParameterDirection.Output

                     cmd.Parameters.Add(Msg)
                     cmd.ExecuteNonQuery()

                     lblStatus.Visible = True
                     lblStatus.Enabled = True
                     lblStatus.Text = Msg.Value
                     If Msg.Value = "Valid password" Then
                          Response.Redirect("welcome.aspx")
                    End If

               End Using
        End Sub

    </script>
    <body>
         <form id="form1" runat="server">
   
             <fieldset style="width:280px; background-color:aqua">
                   <asp:Label ID="lblStatus" runat="server" Text=""></asp:Label>
                   <table>
                         <tr>
                              <td>User ID:<font color="#cc0000">*</font></td>
                              <td><asp:TextBox ID="txtUserid" runat="server"></asp:TextBox><br /></td>
                         </tr>
                         <tr>
                               <td> Password:<font color="#cc0000">*</font></td>
                               <td><asp:TextBox ID="txtPwd" runat="server" TextMode="Password"></asp:TextBox><br /></td>
                         </tr>
                         <tr>
                              <td></td>
                              <td><asp:Button ID="btnLogin" runat="server" Text="Login" OnClick ="ValidateUser" /></td>
                         </tr>
                    </table>
              </fieldset>

           </form>
      </body>
</html>