See the question and my original answer on StackOverflow

The WindowsBuiltInRole enumeration corresponds exactly to Windows SIDs, and precisely to well-kwown SIDS associated with a Windows built-in group: Well-known security identifiers in Windows operating systems, all the SIDs starting with 'S-1-5-32-'.

The integer value of the enum value corresponds to the last number in the sid, so, because WindowsBuiltInRole.Administrator is 544, it corresponds to S-1-5-32-544. So what you're checking using this code is really if the user belongs to the Administrators group:

SID: S-1-5-32-544

Name: Administrators

Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group.