you can keep session when user login by username and Password by below code
session["userId"]=userId;
ok,
now you should go to from login page to default page,for example.
in default page load you must check if user login is valid then show this page to user and otherwise user mus be redirect to login page .this line of code must added to default page load or another page that your going to go there:
if (session["userId"]==null)
response.redirect("Login.aspx");