After authenticating a user using forms authentication, we may want to restict access to certain parts of the website to certain users - i.e. Authorize users.
To implement Role based authorization we would need to set up a database containing info about which role a user belongs to. Then we need to construct a Principal object specifying which role the user belongs to and assign it to the HttpContext user property.
An excellent article discussing this concept is at: