Kelsey's answer is right on the mark, but I wanted to add something to the discussion. Another option is to not actually have "admin" routes at all, but instead require admin authenticated sessions for actually accessing the restricted urls.
This is often how things are done in "traditional" RESTful applications. Your controller represents the type of resource you are manipulating, the action is the verb, and the id is the unique identifier for a specific member of that resource.
In other words, instead of having:
/content/list (for normal users)
/admin/content/add (for admins)
You would have
/content/list (for everyone)
/content/add (for admin, but must be authenticated to work)
Adding /admin/ to the URL doesn't really add any benifits (except perhaps that you can write your securing logic with just a single rule against anything under /admin), but the tradeoff is more complicated routes and breaking standard RESTful. Breaking standard practices isn't in of itself a bad thing, but you should consider that they are standard for a reason, and unless you have specific benefits for breaking them, you might consider adhering to them.
It should be noted that in both URL styles you need to be authenticating the user, otherwise anyone could use it.
In ASP.NET MVC, you can restrict access to actions (or even whole controllers) based on user level using ActionFilters. By decorating your admin-only actions with these filters, you can ensure only authenticated adminstrative users can actually use them.
Read Scott Gu's blog entry or Rob Connery's post for more information.