How secure is this ASP.Net authentication model?

I created a web authentication application using C # and asp.net and want to bounce off on how secure you think this is. All navigation is done using https.

User registration

• The user enters 3 datapoints (SSN, Lname, and DOB). If this combination is found on our system, the session variable is set and goes to the next page.
• If the session variable is set to # 1, continue and ask for the username, pwd, security q & A, etc. Use Linq to save data and verify the session variable before the actual save event. The PWD and security response are hashed using salt and sha. (use validation restrictions and text field restrictions to limit input)

Reset password

• Same as # 1 upon registration, but includes username. If everything is ok, set the session variable step 1.
• If you set the session variable step 1, ask a security question up to 3 times. Salt / hash and check the salt / hash of the database. If a match, set the session variable of the 2nd step (use validation restrictions and text field restrictions to limit input)
• Check session variable 2. Ask for a new pwd. Hash / salt and save using LINQ.

Login (use validation restrictions and text field restrictions to limit input)

• Collect username and password. A HASH / salt password that matches the username and checks if the password matches the hash. If everything is ok, install custom objects and go to the default page.
• . Masterpage , . , , .

, .

- ? MS- auth, , , FBA. , ? ?

, ?