no es tan complicado, prueba asi:
Código:
sQuery = "Select * From users where username = '" & sUser & "' and password='"&sPwd&"'"
rs.Open sQuery,cn
If rs.EOF then
Application("ValidUser") = 1
session("nautoriza")=-1
Response.Redirect("login.asp")
Else
Application("ValidUser") = 0
Session("User")=sUser
Session("Pwd")=sPwd
session("nautoriza")=1
Response.Redirect("info.asp")
End If
rs.Close
Set rs = Nothing
cn.close
set cn = Nothing