Now how do i prevent re entry into the site by typing the url of the internal pages in the address bar.

How are you actually tracking the authentication? Forms authentication? Windows authentication? Something custom? Essentially, what you need to do is have those pages check for a valid authentication token. If no such token exists, redirect to the login page or an error or something to that effect.

You can do this by checking for authentication manually in the Page_Init method (which can access Session data, Cookies data, etc. where you’d store such a token), you can use various methods built-in, etc.

The concept is the same as it was in PHP, the tooling is just a little different.

While working with PHP i used session_start() and ob_end_flush() at the beginning and the end of each page…..What is it im supposed to use in c#?

You don’t need to explicitly start/end session state in ASP.NET. Any code in the scope of the web application can access session state/values via System.Web.HttpContext.Current.Session. Any request coming from the same session will have this data associated with it.

Also how do i include .cs file from app_code folder to a aspx.cs

While in PHP you had to include files, in ASP.NET it’s compiled code so the file isn’t so important. What you need to reference is the namespace/class to use the code. For example…

If you have the following in a file in App_Code:

namespace MyApplicationCode
{
    public class SomeCode
    {
        // stuff in the class
    }
}

Then from any code within the application you should be able to use it by it’s fully-qualified name (MyApplicationCode.SomeCode):

var someVariable = new MyApplicationCode.SomeCode();

Additionally, you can add a using statement in the header of the code file:

using MyApplicationCode;

And then access it directly:

var someVariable = new SomeCode();