In web.config, you can mention which all users can access your city form.Based on this it will be restricted
Try this
<location path="Admin.aspx">
<system.web>
<authorization>
<allow users="user1" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="User.aspx">
<system.web>
<authorization>
<allow users="user1" />
<allow users="user2" />
<deny users="*" />
</authorization>
</system.web>
</location>