Help with MVC authentication/authorization solution

I have an MVC 3 app that I'm building, and need to figure out a good solution for managing authentication and authorization. I've used Membership, and I don't want to use it in this case -- I prefer to use my own design and tables. However, I'm open to implementing my custom logic using the built-in interfaces, if that is appropriate.

Here are my requirements:

  • A user can be part of one or multiple roles.

  • Roles may be mapped to any number of "permissions" (many-to-many). A permission is something like "Can edit other users' posts".

  • Each controller action may allow access to one or more roles (or may have no authorization required, for public pages).

  • I will also need "feature-level" control over which roles can see/update various elements on a view. May use permissions to drive these vs. roles.

  • As a side note, I will probably also allow members to sign up using their Facebook and/or Twitter accounts. But this can be done independently of my custom membership implementation, if that is appropriate (i.e. create a custom user on signup, then tie it to FB/Twitter account).

I'm sure somebody has done something like this before. But based on the dozen or more blogs and SO posts I've seen on this topic, none of the solutions really fit this, it doesn't seem. But there's a good chance I'm just not able to fit the pieces together, and something appropriate is staring me right in the face.

For example, I've read some about "claim based" authentication vs. "role based", but not sure I understand the differences enough to make a call, nor whether or not they require ASP.NET Membership. I've also read about building custom membership by implementing IPrincipal and IIdentity and using action filters to drive controller access, but I'm not finding any comprehensive guides to doing this, and I'm still fairly green with action filters.

I'm also not sure whether I should be using some of .NET's built-in controls for signup, authentication, forgot password, etc. My instinct is not to, as I usually like building these myself, and I'm also not sure if they would work in a custom setup. But if I'm wrong, let me know.

Thanks in advance.

6
asked by Jerad Rose 7 March 2011 at 22:10