Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

Question

So, I'd like to implement my own custom authorization system in MVC2.

If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any data to the action itself?

Previously (in WebForms) I was using a Session object where I would put a serialized object containing essential user data (account id and a list of roles and rights) and I'd extend my own Page class.

Answer 1

Does this thread help?

How do I create a custom membership provider for ASP.NET MVC 2?