If you want to have your own security model other than the one provided by Microsoft, then make a user control and check the
Session["LoggedIn"]
variable , in
OnLoad
event handler ,to see if the user is logged in or not; if he had not logged in then redirect him to login page.
In login page if the user logged in successfully set the
Session["LoggedIn"]
to true.
Place this user control in every page you want to have restriction in it, or you can place it in master page to apply restriction to all pages without the need to place it in each individual page.