Depending on user permissions some pages will be available to him, and others not.
We created the base page that inherits the System.Web.Ui.Page, and all pages inherit this page.
In Page_load event (of our base pages class) we check if user is allowed to view the page.
If not we redirect to another page that says not allowed (Response.Redirect).
Is this a good approach or there is something better?
Note:
Thanks all for suggestions, but ASP.NET Membership is not an option by requirements :(. Sorry.
Check out ASP.NET Membership, read this article on MSDN: Introduction to Membership. You don't want to re-invent the wheel. Membership will let you control locations, files, folders etc on roles / users.
It's a really powerfull mechanism
Here are some usefull links: