@Djibril All you need to do is set this up in the Security Provider window. See here.
So in your case, on the ‘web-user.php’ page you will have security provider with If User Not Logged In, Go To field set as ‘login.php?return=web-user.php’ (login.php being your login page).
Then if a user hits your web-user.php and is not signed in, they will be re-directed to the login page and then finally back to the web-user page once signed in. Hope that makes sense.