Authentication and Authorization are two different things. If you want to Authorize someone based on a role then you can decorate a class or method with something like this:
[Authorize(Roles = "admin")]
this way the controller will reject anyone that does not have an admin role.
Newer versions of MVC have better options for authorization and authentication, but this is what is commonly used in MVC3.