Starting MongoDB version 2.6, following example works.

• First, disable authorization if enabled.

mongodb.conf

security:
   authorization: disabled

• Restart mongod.

Connect to server using mongo client. And run the following query;

use admin;
db.createUser(
  {
    user: "admin",
    pwd: "password",
    roles: [ { role: "root", db: "admin" } ]
  }
);
exit;

• Enable authorization by editing mongodb.conf and restarting mongod.

mongodb.conf

security:
   authorization: enabled

Thats it.
Next time when a client logs in, they wont be able to read or edit any data without issuing the following first;

use admin;
db.auth("admin","password");