Use Forms Authentication.
Use some thing like this at web.config
<location path="secure">
<system.web>
<authorization>
<deny users="?"/>
<deny users="jhon"/>
</authorization>
</system.web>
</location>
secure is a folder which contains your secure webforms.
<authentication mode="Forms">
<forms loginUrl="Default.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" >
<credentials passwordFormat="Clear">
<user name="kim" password="kim@123"/>
<user name="jhon" password="jhonn"/>
</credentials>
</forms>
</authentication>