You can use the built in authorisation functionality of ASP.Net
http://msdn.microsoft.com/en-us/library/ff649100.aspx[
^]
For example, by adding the following to your web.config you would deny all users that are not authenticated from your site content
<authorization>
<deny users="?"/>
</authorization>
Then you would need to consider how the user is going to authenticate. Will you use
Forms Authentication[
^] or
Windows Authentication[
^] (for something like an Intranet application)?
You can add additional web.config files to particular folders within your application directory structure. For example, say I have a section of the site that is for 'Administrators' only, I'd add a folder called Admin (or whatever) and put all my pages in there.
Then, I'd add a web.config to the Admin folder with the following...
<configuration>
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
Now, anyone trying to access this folder will have their role membership interogated and only members of the Administrators role will be allowed to view the contents. You can handle any 'Not authorised' response with a redirect.
Have a read up on
Security Basics[
^]