First things first: don't do it like that! Particularly with a website, what you are doing is poor security, and very, very dangerous. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead, or I can access your login screen, and bypass your passwords, or destroy your database without even logging in.
string qry="SELECT * FROM user_login WHERE username=@UN AND password=@PW";
cmd=new SqlCommand(qry,con);
cmd.Parameters.AddWithValue("@UN", TextBox1.Text);
cmd.Parameters.AddWithValue("@PW", TextBox2.Text);
dr=cmd.ExecuteReader();
Is the parametrized version.
Secondly, in the real world, never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^]
Thirdly, don't use Visual Studio defaults for control names: it makes your code a lot more readable, understandable, reliable, and maintainable if you use sensible names for your controls instead. You may remember today the TextBox1 is the username, but in six weeks time when you revisit it, it's a lot more obvious if you had called it tbUserName, isn't it?
Now, what you need to do is add a row to your database: an ID row that you can use to uniquely identify a user - even if they change their username. This site (and nearly all others do, and they even let you know what yours is: if you go to your "home" page it tells you: "Member No. 10628229" and mine would be "Member No. 6122202". This can be an Identity field, so SQL will keep track of it and you don't need to do anything to ensure they are unique.
Now, when you user logs in, read that out, and save it.
The easiest way to do that is:
Session["UserId"] = userId;
Now when you load a page, all you have to do is:
object o = Session["UserId"];
if (o != null)
{
int userID = (int) o;
}
You can then use that userId value to access your SQl database and retrieve all the info you want about the user, and present it to him via your web page.
The Session array will store the userId until the browser closes (or twenty minutes without him doing anything, whichever comes first).