After Creating the Security Assist pages using the wizard, you should add access restriction to pages in your site that you wish to be protected.
You can do this on a page by page basis by applying the Secure Page server behavior (WebAssist -> Security Assist -> Secure Page) or by using the Access Pages manager (WebAssist -> Security Assist-> Manage Site Access -> Access Pages Manager).
There are a few default access rules that Security Assist creates, the access rule to use for protecting your pages is the "Logged Into <Your Users Table>" rule (where <Your Users Table> is the name of your users table).
In the wizard, there is the option to "Include the Remember Me option" and "Include the Automatic Login option" on the login page. If these options are enabled, the login page will have 2 authenticate user server behaviors added. one for when the login form is submitted, and the other for auto login. In this case, any changes that are made to one authenticate user behavior, should also be made to the other.
You mention that no matter which access rule you chose, you always directed to the access denied page, as mentioned above, make sure you use the "Logged Into <Your Users Table>" rule. If the problem persists using that rule, it may be that the server is not properly saving session variables. to test for this, use the session test script from the following thread:
showpost.php?p=23826&postcount=2
if the session test fails, you will need to contact the host to have them correct the problem, it is most likely a bad session.save_path setting in the php.ini file.
You also mention USer level Authentication. There is a tutorial for user level authentication on the Security Assist support page in the archived documentation section for user level authentication. It was written for v21, but the concept is the same in v2.
