This article shows you how security works in ASP.NET as well as the different ways of doing it; there is no code just a whole bunch of flow charts.
Traditional Security on the web
The usually when a user requests a page IIS does this -
This kind of security is ok for most people. However, to set up individual permissions you have to add new Windows accounts and that takes time to do.
People who want to provide their own user-level security use a database and the following layout:
But this layout has to be on every page that you want security, sure you could use a server side include, but isn't it much easier to have it done automatically for you?