If you're not too keen on reinventing the wheel, have a look at a product called Visual Guard. It allows you to easily add security to your application with minimal work, and has a really fully featured set of tools.

I usually roll my own, since the .NET Framework is pretty full-featured in this regard, but you might try the MS Authorization and Profile Application Block.

For the grungy implementation details, have you looked at "principals"? See my reply here. With this approach, you can use roles-based security in the code - such as:

    [PrincipalPermission(SecurityAction.Demand, Role="ADMIN")]
    static void SomeMethod()
    {...}

The runtime itself will now verify that the user has to have your "ADMIN" role to get into that method (obviously you could also disable the option in the UI by checking IsInRole(...)). Very powerful.

If you're experienced with ASP.NET already then you're probably familiar with the ASP.NET Membership / Role / Profile system, with default providers and the ability to add your own without too much hassle.

Wouldn't it be great if you could use all that from within your Windows Forms or WPF applications? Yes? Well then have a look at ASP.NET Application Services! You simply set up a web site to provide an authentication URL and then tell your app to use that. You can create your own custom login window and have app services open it when needed, or use your own logic and call the methods yourself.

It has full support for 'offline mode' where it caches a hash of the password to compare against, it can also cache roles and allows you to use Profile settings.