Ensure you have created the project using the following procedure:
<authentication mode="Forms"></authentication> <roleManager enabled="true"></roleManager>
Add a web.config file to the folder within your website that you wish to secure. See below for example contents of a web.config file which restricts access to users that are logged in (by denying access to anonymous users)
<?xml version="1.0"?> <configuration> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </configuration>
See page 632 of the Professional ASP.NET 4 (or page 736 of the v4.5 book) book for further examples of how to set access rules.
Read Chapter 15 of the v4 book or chapter 19 of the v4.5 book for further information on how to secure elements of a website.