Form Level Role Based Authentication
Forum: ASP.NET
Category: The Mere Mortals .NET Framework
Environment: C# 1.1
OS: Windows XP SP2
Network: Windows 2003 Server
Database: MS SQL Server
Thread ID: 01014722
Message ID: 01015100
Views: 28

Kevin,
I also wanted security at the page level and wasn't sure how I was going to do it. Step 1 was a good start for me. What I have done on many past web sites is similar to what Roger wants to do. So I subclassed mmBusinessWebPage as you suggested and put all of the security in my object. MyBusinessWebPage works just the way I want it. The new ControlID property shows up in the property pages for all of my pages so I can assign them a GUID with the GUID builder.

The only thing I haven't figured out yet is the best way to assign permissions for my pages to users/roles. It's easy to set security for controls because you get into Security Mode and navigate to the web page and all of the controls have the little security lock icon next to them. What would be cool is if I can get a security icon somewhere on the page to set the permission for the page itself.

Roger,
Here's some example code of what I did:
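using System;
using System.ComponentModel;
using System.Drawing.Design;
// The mm* types come from the Mere Mortals .NET Framework; its namespaces must be imported as well.

public class MyBusinessWebPage : mmBusinessWebPage
	{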
		#region ImmSecurityBase Members
		// RAS: Security implementation changes

		/// <summary>
		/// Access Level property. Setting this property automatically fires the
		/// associated "Set Access" method.
		/// </summary>
		[Browsable(false), Category("Security"), 
		Description("The Access Level set for this control."),
		Editor(typeof(mmControlIDTypeEditor), typeof(UITypeEditor)),
		DefaultValue(null)]
		public virtual mmSecurityAccessLevel AccessLevel
		{
			get { return this._accessLevel; }
			set 
			{ 
				this._accessLevel = value;
			}
		}
		private mmSecurityAccessLevel _accessLevel = mmSecurityAccessLevel.Full;

		/// <summary>
		/// Unique security control ID for the web form itself
		/// </summary>
		[Browsable(true), Category("Security"), 
		Description("Unique security control ID."),
		Editor(typeof(mmControlIDTypeEditor), typeof(UITypeEditor)),
		DefaultValue(null)]
		public virtual Guid ControlID
		{
			get { return this._controlID; }
			set { this._controlID = value; }
		}
		private Guid _controlID = Guid.Empty;

		#endregion

		public MyBusinessWebPage()
		{
		}

		protected override void OnLoad(EventArgs e)
		{
			// Do default page loading, which includes redirect to Login page if needed
			base.OnLoad (e);

			// *** Check to see if user has permissions for this page
			if (this.RequiresSecurity && !this.CheckPageLevelSecurity()) 
			{				
				return;
			}
		}

		/// <summary>
		/// Checks to see if this page has security restrictions.
		/// Displays error message instead of regular content if user doesn't have correct permissions
		/// </summary>
		public virtual bool CheckPageLevelSecurity()
		{	
			if (this.SecurityUserPk == null)
			{
				// If user is not logged in, then they definitely don't have permissions
				this.AccessLevel = mmSecurityAccessLevel.None;
			}
			else
			{
				// Get this user's access level to this web page
				this.AccessLevel = this.SecurityManager.GetAccessLevel(this.SecurityUserPk, this.ControlID);
			}
			
			// If this user has no permissions for this page, redirect to the Error Message page
			if (this.AccessLevel == mmSecurityAccessLevel.None)
			{
				string Header = "Permission Denied";
				string Message = "You do not have sufficient permissions to access this web page!";
				string Url = "javascript: history.go(-1)";
				int Timeout = 30;

				mmMessageDisplay.DisplayMessage(Context, Header, Message, Url, Timeout);
				
				return false;
			}
			else
			{
				return true;
			}
		}
	}
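
An added example, not part of the original post and not Mere Mortals framework code: a stand-alone sketch of resolving a page's access level from role grants keyed by the page's ControlID, failing closed when the user is anonymous, no grant matches, or the page still has the default Guid.Empty. AccessLevel, PagePermissionStore, the role names and the sample GUID are hypothetical stand-ins.

```csharp
using System;
using System.Collections.Generic;

// Stand-in for the framework's access levels (hypothetical, not the MM .NET enum).
public enum AccessLevel { None, ReadOnly, Full }

// Hypothetical permission store: (role, page ControlID) -> access level.
public class PagePermissionStore
{
    private readonly Dictionary<string, AccessLevel> _grants = new Dictionary<string, AccessLevel>();

    public void Grant(string role, Guid controlId, AccessLevel level)
    {
        // A page that was never given a GUID cannot be told apart from any other such page.
        if (controlId == Guid.Empty)
            throw new ArgumentException("Assign a ControlID to the page before granting access.");
        _grants[role + "|" + controlId] = level;
    }

    // Fail closed: anonymous users, pages without a ControlID and
    // pages with no matching grant all resolve to None.
    public AccessLevel GetAccessLevel(IEnumerable<string> roles, Guid controlId)
    {
        AccessLevel best = AccessLevel.None;
        if (roles == null || controlId == Guid.Empty) return best;
        foreach (string role in roles)
        {
            AccessLevel level;
            if (_grants.TryGetValue(role + "|" + controlId, out level) && level > best)
                best = level;   // the most permissive grant among the user's roles wins
        }
        return best;
    }
}

public static class Demo
{
    public static void Main()
    {
        Guid ordersPage = Guid.NewGuid();   // constructed sample ControlID
        PagePermissionStore store = new PagePermissionStore();
        store.Grant("Sales", ordersPage, AccessLevel.ReadOnly);
        store.Grant("Managers", ordersPage, AccessLevel.Full);

        Console.WriteLine(store.GetAccessLevel(new[] { "Sales", "Managers" }, ordersPage)); // two roles
        Console.WriteLine(store.GetAccessLevel(new[] { "Guests" }, ordersPage));            // no grant
        Console.WriteLine(store.GetAccessLevel(null, ordersPage));                          // anonymous
        Console.WriteLine(store.GetAccessLevel(new[] { "Managers" }, Guid.Empty));          // unassigned page
    }
}
```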