Usually this is controlled at a UI level.
However you can do :
...
[System.Security.Permissions.PrincipalPermission(System.Security.Permissions.SecurityAction.Demand, Role="DoDelete")]
public void DoDelete()
{
}
...
Which would require the user to have a "DoDelete" role in their security context otherwise the CLR will throw a
SecurityException
and somewhere in your login code you would do the following for the login user :
public void btnLogin_click(object sender, EventArgs e)
{
if(Authenticate(username, password))
{
GenericIdentity id = new GenericIdentity(username);
Thread.CurrentPrincipal = new GenericPrincipal(id, new string[] {"Admin", "PowerUser", "DoDelete"});
}
}