Hello, I need to ask: I use Forms Authentication in my ASP.NET application.
but when I publish the web after the user login, if he didn't signout he just close the browser and after that he browse it again it will redirect him to default page. How can I enforce redirecting him to the login page even if he didn't sign out?
It will depend on whether or not their asp.net session id cookie still exists, or whether they have cookies enabled at all. To enforce redirecting to the login page you will need to find out how to make the cookies be lost when the browser is closed. In my experience this is the default behaviour anyway.
I will suggest you to check asp.net Membership,Profile and Role provider for specifically manage user Logins, Passwords and their profile.
This is one of the good articles from Scott Gu, you should bookmark when you want to work with Membership and Profiles.
You should see the documentation for forms authentication specified here. You can force the cookies to expire whenever you want setting the timeout attribute. Also, you could not use cookies at all by using the cookieless attribute. There are other optional attributes that could be useful for you, that might not be related to your question as well.