Personally, I would recommend that you look a little more closely at the task you are trying to do. It is a bit more complex that "create a login page and check the name and password". In order to have this work you will need:
1) a login page
2) a registration page
3) a change password page
4) a "forgot my password" mechanism
5) a system of preventing users from accessing pages unless they are logged in
6) a redirection system
Why re-invent the wheel? Use the standard Membership system, which will provide all the difficult bits for you:
Introduction to Membership[
^] If you must use an XML database (and I seriously wouldn't recommend that) then it is not a lot of work to implement a custom Membership provider that works seamlessly with the Membership system.