Mainly, it's a terminology issue. Let me translate your Java to ASP.NET MVC:
In ASP.NET MVC, I would use an HTML view that posts the username and password to a Controller action, which then delegates to a POCO - for the db lookup and validation. If validation fails the Controller renders the Login view for another attempt, if successful then forwards to the secure resource.
And, to WebForms:
In ASP.NET WebForms, I would use a LoginControl that postbacks the username and password back to the Login.aspx codebehind, which then delegates to a POCO - for the db lookup and validation. If validation fails the Login.aspx page would be shown again for another attempt, if successful then redirects to the secure resource.