If I understand you correctly you want to secure some areas of a websites to particular logins and roles, or possibly just one secure area for admin.
There isn't a single
simple answer to your problem as there are many factors deciding how security needs to be done in each particular case. For example you can restrict authentication (login) to a web form as you suggest, but you might be better off using the user's windows identity if they are logged on to an internal domain.
For authorization you can restrict which users or roles can access a particular sub-directory in the website from web config. You can make fine-grained restrictions within a page or control.
There are a really good set of tutorials
here[
^] that will get you on your way to an informed decision and provide instructions for most of the points I have made.
Hope this helps.