Hi,
How can I protect the username & password fields against brute force attack in ASP page?

The best way to prevent brute force attacks on your login screen is to do an account lockout after x failed attempts. You can block on IP or on account.