First, make sure your web.config in the root of the application has the forms authentication setup taking note to set the login page:
<authentication mode="Forms">
<forms name="auth" loginUrl="~/Default.aspx" timeout="20" cookieless="UseCookies" path="/" requireSSL="false" slidingExpiration="true" protection="All"/>
</authentication>
Once you have done this each sub folder must have a web.config. i.e. /Admin/web.config.
In this you will need to state the access rights for the users. i.e.
<configuration>
<system.web>
<authorization>
<allow roles="ADMIN" />
<allow roles="MANAGERS" />
<deny roles="USERS" />
<deny roles="?" />
</authorization>
</system.web>
</configuration>
If an unauthenticated user or incorrect role hits the folder they will be re-directed to the login page!