Use Forms Authentication.
Use some thing like this at web.config
<location path="secure">
<system.web>
<authorization>
<deny users="?"/>
<deny users="jhon"/>
</authorization>
</system.web>
</location>
secure is a folder which contains your secure webforms.
<authentication mode="Forms">
<forms loginUrl="Default.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" >
<credentials passwordFormat="Clear">
<user name="kim" password="kim@123"/>
<user name="jhon" password="jhonn"/>
</credentials>
</forms>
</authentication>
Now at server side code
Default.aspx is your login form, Drag Two TextBoxes and a Button
at click event of button write following code. Default2.aspx is destination page. Secure is a folder which can have webforms which you wants to make secure like you are talking about services.
if (FormsAuthentication.Authenticate(TextBox1.Text, TextBox2.Text))
{
FormsAuthentication.SetAuthCookie(
this.TextBox1.Text.Trim(), false);
FormsAuthenticationTicket ticket1 =
new FormsAuthenticationTicket(
1,
this.TextBox1.Text.Trim(),
DateTime.Now,
DateTime.Now.AddMinutes(10),
false,
"HR"
);
HttpCookie cookie1 = new HttpCookie(
FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket1));
Response.Cookies.Add(cookie1);
String returnUrl1;
if (Request.QueryString["ReturnUrl"] == null)
{
returnUrl1 = "Default2.aspx";
}
else
{
returnUrl1 = Request.QueryString["ReturnUrl"];
}
Response.Redirect(returnUrl1);
}