code behind login.aspx.vb error, please help

Hi everybody

I am using the following code behind login.aspx.vb. When a user uses wrong passwor then redirect to "expirationmessage.aspx" page, but when that user uses right password he can easily enter the site. IS THERE ANY WRONG. PLEASE HELP.

Another Qestion:: has there any wrong funtioning in 'Expiration of User' function. I use

Dim RenewDate = Profile.GetProfile(Login1.UserName).DateRenewed

        If DateDiff(DateInterval.day, RenewDate, DateTime.Now) > 365 Then
            Response.Redirect("~/expirationmessage.aspx")


===========the code behind========

Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub Login1_LoginError(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoginError
        'Set the parameters for InvalidCredentialsLogDataSource
        InvalidCredentialsLogDataSource.InsertParameters("ApplicationName").DefaultValue = Membership.ApplicationName
        InvalidCredentialsLogDataSource.InsertParameters("UserName").DefaultValue = Login1.UserName
        InvalidCredentialsLogDataSource.InsertParameters("IPAddress").DefaultValue = Request.UserHostAddress

        'The password is only supplied if the user enters an invalid username or invalid password - set it to Nothing, by default
        InvalidCredentialsLogDataSource.InsertParameters("Password").DefaultValue = Nothing


        'There was a problem logging in the user
        'See if this user exists in the database
        Dim userInfo As MembershipUser = Membership.GetUser(Login1.UserName)
        Dim RenewDate = Profile.GetProfile(Login1.UserName).DateRenewed
        If userInfo Is Nothing Then
            'The user entered an invalid username...
            Response.Redirect("~/invaliduser.aspx")
            'The password is only supplied if the user enters an invalid username or invalid password
            InvalidCredentialsLogDataSource.InsertParameters("Password").DefaultValue = Login1.Password
        End If

        'See if the user is locked out or not approved
        If Not userInfo.IsApproved Then
            Response.Redirect("~/approval.aspx")
        End If
        If userInfo.IsLockedOut Then
            Response.Redirect("~/idlock.aspx")
        End If
        'Expiration of User
        If DateDiff(DateInterval.day, RenewDate, DateTime.Now) > 365 Then
            Response.Redirect("~/expirationmessage.aspx")
        End If
        'The password was incorrect (don't show anything, the Login control already describes the problem)


        'The password is only supplied if the user enters an invalid username or invalid password
        InvalidCredentialsLogDataSource.InsertParameters("Password").DefaultValue = Login1.Password




        'Add a new record to the InvalidCredentialsLog table
        InvalidCredentialsLogDataSource.Insert()
    End Sub

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        'If the person is already logged in, but is being redirected to the login page from some other
        'page, then they were attempting to visit a page they weren't authorized for
        If Request.IsAuthenticated AndAlso Request.QueryString("ReturnUrl") IsNot Nothing Then
            Response.Redirect("~/unauthorizeduser.aspx")
        End If
    End Sub
End Class