I have added Two Factor Authentication to my Mobile ASP.Net Web App. When the user successfully enters their User Name and Password then a pin number is emailed to their email address which is stored in the database. The issue I am having is that after notifying the user that they don’t have an email defined and then reload the login page but my code isn’t notifying the user rather it is just reloading the Login.aspx page:

Private Sub GeneratePin()
    Dim r As New Random(System.DateTime.Now.Millisecond)
    _Pin = CStr(r.Next(1000, 99999))
    _email = CIAppGlobals.CurrentUser.UsrContactEmail

    With lblPin
        .Text = "PIN has been emailed to the you please check your email now."
    End With

    If Not String.IsNullOrEmpty(_email) Then
        Dim Message As String = " Your Mobile PIN number is " & _Pin & vbNewLine & "From IP Address: " & CIAppGlobals.AppSettings.ClientIP

        Tools.SendEmail(CIAppGlobals.CurrentUser.UsrContactEmail, "Mobile App - Two Factor Authentication", Message)

    Else
        Dim sText As String = "Please contact the Administrator You do not have an email address defined within Application."
        'DirectCast(HttpContext.Current.Handler, System.Web.UI.Page).ClientScript.RegisterStartupScript(Me.[GetType](), "test", "alert('" & sText & "')", True)
        Response.Write("<script>alert('" & sText & "');</script>")
        Thread.Sleep(5000)

        'Session.Abandon()
        'FormsAuthentication.SignOut()

        Response.Redirect(ParentFolder & "/Login.aspx")
    End If

End Sub