Are there any good tutorials for someone who is looking to add permissions to an existing website?

Using the Request.ServerVariables["AUTH_USER"] variable, I can see who is logged in now. But I want to use ASP's built in framework to manage the security as much as possible.