This short article demonstrates how to use an ASP.NET HTTP Module to restrict access to your ASP.NET website based on a user’s IP address. As you probably know, it’s also possible to do this by configuring IIS, as explained in this Microsoft Knowledge Base article:

HOW TO: Restrict Site Access by IP Address or Domain Name

However, if IIS security doesn’t give you enough control and flexibility, then you can build your own custom authorisation using an HTTP Module, for example if you need to look up permitted IP addresses in a database.