I am assuming that you are writing your own login system? If so, then providing such security is up to you, and it is a complicated thing, or requires you to explicitly check the authorisation in every single page load event.
The easy solution is to implement Membership:
MSDN - Introduction to Membership[
^] which lets the framework take the difficulty and allows you to set access levels by folder very easily.