Rhino Security seems to offer a nice way to perform task/activity-based authorization. This is some example code:
bool isAllowed = authorizationService.IsAllowed(userXYZ, "/Messages/Change");
It checks whether userXYZ can perform activity 'Change' on resource 'Messages'. This is all great, but I do not like the way the resource and activity are hard-coded. Do you reckon there is a way to overcome this? Thanks!
Why don't you use web.configs? Check this nice article: http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx