See the question and my original answer on StackOverflow

Not sure what your exactly after, but it's worth to note the standard PrincipalPermissionAttribute Class works fine with ASP.NET roles implemented with this provider technology.

It means you can use Code Access Security, and declarative attributes to ensure your API/Domain/Methods can only be access by users in a specific role. So yes, you can enforce security beyond UI layers using ASP.NET Membership.