The built-in mechanism is a little low level for doing these sorts of check (since it's based on CAS). You should look into the Thinktecture IdentityModel helper library for these things. We provide an easier mechanism/API to do claims based checks:
http://leastprivilege.com/2012/10/26/using-claims-based-authorization-in-mvc-and-web-api/