You may follow the steps below.
1. Choose and Implement one of the authentication mode.
2. Define authorization levels as shown below.
<configuration>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="default1.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
<location path="subdir1">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
</configuration>
3. Another way is to group the aspx files to
folders depending on their authorization level.
3. Have separate web.config for each of the folders with
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
Cheers
Balaji