How best to implement CHMOD type roles for a ASP.NET web application

Currently in my Web application I have simple USER_LEVEL field against the user credentials e.g

1. Normal
2. Authoriser
3. Admin

As we get further into development I see more ambiguity coming into these roles and expanding the types that are there, so in theory an Admin role would essentially give that person 777 access to everything (not necessarily 777 in the traditional CHMOD way but essentially carte Blanche to do what they wanted).

How best in the ASP.NET world would I go about implementing such behaviour (I noticed ASP.NET has built in Roles methods however 开发者_如何学JAVAat this stage in the project I am not sure attempting to bolt this feature on would work.

Can anyone point at any tutorials or own experiences in implementing this or point me in the direction of what should be used if this isn't considered best practice?

Here is good series of articles about asp.net membership. It may help you to implement your own authentication.

https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx