-To Disable
back button try this:
1.Write this code in master page in page load event
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
and
2.Write this code in login page in head section
<script type="text/javascript">
window.history.forward(-1);
</script>
-To restrict the User by accessing pages using
URL try this:
After a user is authenticated, create a session object indicating that. In every page check if that session object has the authenticated value.
Something like:
Session["validated"] = true;
if(Session["validated"] == null)
Response.Redirect("Login.aspx");
else