User-359936451 posted
Ok you have some design issues here. First default.aspx is typically (almost always) the home page for the site and mapped that way by IIS. This means that any user coming to your site must land on this page. Its configurable so you can change it, but that
is much more work than you need to do.
I would suggest you do this.
Add a new page to your site call it authHomePage.aspx or something unique. In the Page Load event for this page add the following....
If Not Request.IsAuthenticated Then
Server.Transfer("~\Default.aspx")
End If
This will send any non-authenticated user that tries to access your new web page back to the default.aspx home page.
And then in your logon control, when a user is authenticated, also send them to the new page. You could also add new folder to your project and place your new authHomePage.aspx file in that new folder and build out entirely secured access only section
in your web site. Then in this folder add a web config that only allows authenticated users.
Hope this helps.