The user has an option to enter the "
Default.aspx
" url directly in the browser address bar, by doing so the security fails.
To avoid this situation you will have to store the authenticated key in a session and use it across the page load method of all the pages for validation.
Login page
da.Fill(dt);
Session["isValidUser"] ="0";
if (dt.Rows.Count > 0)
{
Session["isValidUser"] ="1";
Response.Redirect("Default.aspx");
}
Other page:
protected void Page_Load(object sender, EventArgs e)
{
if(Session["isValidUser"] !="1")
{
Response.Redirect("ErrorPage.aspx");
}