If I understand you correctly and the code above works you can deny to certain pages like this..
<location path="AdminPage.aspx">
<system.web>
<authorization>
<allow roles="Admins" />
<deny users="*" />
</authorization>
</system.web>
</location>
The deny users = "*" will deny everyone unless they have access. This is how many do it in theirs. Hope this helps.
Then on login you can check to see if that user is an admin or not. If they are, they can access that page, if they aren't, they can't. I'm using Active Directory currently but you can use SQL or Linq to Sql to check to see if they are an admin or not.
EDIT: Here are some links that might help you in the right direction.
Link One this one is "outdated" but it will show you how it was recommended before.
Link Three This one shows you how to set up an SQLMemberShipProvider.
The third one is the one I would suggest exploring. I use an ActiveDirectoryMembershipProvider with my applications at work. I think this is going to be your best chance.