Control Authorization by Modifying the Web.config File
To restrict access to ASP.NET applications that use forms authentication, edit the <authorization> element in the application’s Web.config file. To do this, follow these steps:
1. Start a text editor, such as Notepad, and then open the Web.config file that is located in the application’s root folder.
Note: If the Web.config file does not exist, create a Web.config file for the ASP.NET application.
2. If you want to control authorization for the whole application, add the <authorization> configuration element to the <system.web> element in the Web.config file.
3. In the <authorization> element, add the <allow> configuration element and the <deny> configuration element. Use the users attribute to specify a comma-delimited list of user names. You can use a question mark (?) as a wildcard character that matches any user name. For example, the following code denies access to all users except user1 and user2:
<authorization>
    <allow users="user1, user2"/>
    <deny users="?"/>
</authorization>
4. Save the Web.config file.
Note: For more information about configuring directory-specific and file-specific settings, see the References section of this article.
http://asp.net.bigresource.com/How-to-Restrict-Access-to-an-specified-folder-gjhYAFCyM.html
http://forums.asp.net/t/1666926.aspx/1
http://stackoverflow.com/questions/10544276/how-to-restrict-access-to-web-pages-for-different-types-of-users
http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx
Thanks,
Ambesha
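
An added example, not part of the original answer and not ASP.NET's own code: a small Python model of how URL authorization walks <allow>/<deny> rules top-down (first match wins, "?" stands for anonymous requests, "*" for every user, and unmatched requests fall through to the inherited <allow users="*"/>), run against the rule block above and a constructed variant. The function names, the extra account user3 and the case-insensitive name comparison are assumptions; roles and verbs attributes are ignored.

```python
import xml.etree.ElementTree as ET

# The rule block from the answer above, wrapped in the elements it lives under.
POST_CONFIG = """<configuration><system.web>
  <authorization>
    <allow users="user1, user2"/>
    <deny users="?"/>
  </authorization>
</system.web></configuration>"""

# Constructed variant: identical except that the deny rule uses "*".
STRICT_CONFIG = POST_CONFIG.replace('users="?"', 'users="*"')

def load_rules(config_xml):
    """Return [(action, [user tokens])] in document order."""
    auth = next(ET.fromstring(config_xml).iter("authorization"))
    rules = []
    for el in auth:
        if el.tag in ("allow", "deny"):
            raw = el.get("users", "").split(",")
            rules.append((el.tag, [t.strip().lower() for t in raw if t.strip()]))
    return rules

def matches(token, user):
    """user is a name, or None for an anonymous (unauthenticated) request."""
    if token == "*":
        return True                      # every request
    if token == "?":
        return user is None              # anonymous requests only
    # Assumption: names are compared case-insensitively.
    return user is not None and token == user.lower()

def is_allowed(rules, user):
    for action, tokens in rules:
        if any(matches(tok, user) for tok in tokens):
            return action == "allow"     # first matching rule decides
    return True  # nothing matched: inherited default <allow users="*"/>

def audit(config_xml, users=("user1", "user2", "user3", None)):
    """Map each sample identity to the access decision for config_xml."""
    rules = load_rules(config_xml)
    return {(u or "(anonymous)"): is_allowed(rules, u) for u in users}

if __name__ == "__main__":
    for label, cfg in (("as posted", POST_CONFIG), ("deny *", STRICT_CONFIG)):
        print(label, audit(cfg))
```

The two result rows differ only for user3, an authenticated account that is not in the allow list.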