
Custom Authentication using IHttpModule

I have been trying to do authentication with an HTTP module. I created a class library project. The problem has been that when the user logs in and enters a URL he is not authorized for, it works well. But an anonymous user can view everything.

    using System;
    using System.Data;
    using System.Data.SqlClient;
    using System.Web;
    using System.Web.SessionState;

    private void CheckForUserPageRights()
    {
        HttpSessionState Session = HttpContext.Current.Session;

        try
        {
            // Does User have rights to requested page?
            bool userHasPageRights;
            string currentPageName = GetCurrentPageName();
            if (currentPageName == "")
            {
                userHasPageRights = true;
            }

            DateTime startTime = DateTime.Now;
            // currentuser and roles are not declared in this snippet
            string pageKey = String.Format("{0}::{1}::{2}",
                currentuser,
                roles,
                currentPageName);

            string connStr1 = "Data Source=NISHANTH-PC\\SQLEXPRESS;Initial Catalog=roletesting;Integrated Security=True";
            using (SqlConnection conn1 = new SqlConnection(connStr1))
            {
                conn1.Open();

                SqlParameter param1 = new SqlParameter();
                param1.ParameterName = "@currentpagename";
                param1.SqlDbType = SqlDbType.NVarChar;
                param1.Direction = ParameterDirection.Input;
                param1.Value = currentPageName;

                // Only the first role is passed to the query
                SqlParameter param = new SqlParameter();
                param.ParameterName = "@roles";
                param.SqlDbType = SqlDbType.NVarChar;
                param.Direction = ParameterDirection.Input;
                param.Value = roles[0];

                string hasaccess = "select PageRole.hasRights from PageRole, " +
                    "aspnet_UsersInRoles, aspnet_Paths,aspnet_Roles,aspnet_Users  where  " +
                    "aspnet_Paths.LoweredPath = @currentpagename and " +
                    "aspnet_Paths.PathId=PageRole.PathId and  PageRole.RoleId = " +
                    "aspnet_Roles.RoleId and aspnet_Roles.RoleName=@roles ";

                SqlCommand coi = new SqlCommand(hasaccess, conn1);
                coi.Parameters.Add(param1);
                coi.Parameters.Add(param);
                string a = (string)coi.ExecuteScalar();

                // No matching row (null) is treated the same as "Y": access is granted
                if (a == null)
                {
                    userHasPageRights = true;
                }
                else if (a == "Y")
                {
                    userHasPageRights = true;
                }
                else
                    userHasPageRights = false;

                if (!userHasPageRights)
                {
                    // application.Response.Redirect("AccessDenied.aspx");
                    HttpContext.Current.Response.Redirect("~/Error.aspx");
                }
            }
        }
        catch (Exception e)
        {
            // Any exception is swallowed here and the request continues
        }
    }

So, I was trying to use an if statement to check whether currentuser is null, but have not been successful. Can you guys help me out?
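
Added example, not part of the original question and not the asker's code: a fail-closed form of the same page-rights check, where anonymous requests, pages with no matching row, and lookup errors are all denied unless the page is explicitly public. The class name, the `PublicPages` list, the in-memory `PageRole` map (constructed sample data standing in for the SQL query) and the use of `Roles.GetRolesForUser` are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
public class PageRightsModule : IHttpModule   // hypothetical name
{
    // Assumption: pages anyone may request, in app-relative form.
    static readonly HashSet<string> PublicPages = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { "~/Login.aspx", "~/Error.aspx" };

    // Constructed sample data standing in for the PageRole query: "role|page" -> hasRights.
    static readonly Dictionary<string, string> PageRole = new Dictionary<string, string>(
        StringComparer.OrdinalIgnoreCase)
        { { "admin|~/Admin.aspx", "Y" }, { "staff|~/Admin.aspx", "N" } };

    // Access is granted only on an explicit "Y" for one of the caller's roles.
    public static bool IsAllowed(bool authenticated, string[] roles, string page)
    {
        if (PublicPages.Contains(page)) return true;
        if (!authenticated || roles == null || roles.Length == 0) return false;
        return roles.Any(r =>
        {
            string v;
            return PageRole.TryGetValue(r + "|" + page, out v) && v == "Y";
        });
    }

    // AuthorizeRequest fires after authentication has populated Context.User.
    public void Init(HttpApplication app) { app.AuthorizeRequest += OnAuthorizeRequest; }
    public void Dispose() { }

    void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        bool allowed;
        try
        {
            bool authed = ctx.User != null && ctx.User.Identity.IsAuthenticated;
            string[] roles = authed ? Roles.GetRolesForUser(ctx.User.Identity.Name) : null;
            allowed = IsAllowed(authed, roles, ctx.Request.AppRelativeCurrentExecutionFilePath);
        }
        catch (Exception) { allowed = false; }   // a failed lookup denies the request
        if (!allowed)
        {
            ctx.Response.Redirect("~/Error.aspx", false);
            ctx.ApplicationInstance.CompleteRequest();
        }
    }
}
```

The decision is kept in the static `IsAllowed` method so the three deny paths (anonymous, no row, "N") can be unit-tested without an HTTP context.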
