Custom security framework with permissions

Tue, 1 Apr 2008 17:16:31 +0000
Hi, this is a question on which any response or discussion is very welcome.

The web application that I'm working on has very high security requirements, and
basically, the normal role-based access permission does not fulfill these
requirements. This is why I'm now looking at creating our own custom security
framework but using as many (ASP).NET features or APIs as possible.

In short, what we need is a security structure kinda like the one in Windows,
where we can set permissions on everything you can think of: pages, webparts,
functionalities such as accessing this particular kind of data, updating that
data, etc... The user is always part of a role, but this role can be a member of
another role etc... Permissions are set on every level and the final permissions
the user has are the intersection of those permissions (a deny permission anywhere
in the hierarchy is deny everywhere). I think you have pretty much the idea by
now, if not I can write it out in more detail.
Let's see it as how the CAS permissions are done, but then on our own created
permissions towards the data and functionalities we want to display or perform
from our system.

I'm sure I can re-use the membership/roles API with overwriting a lot (including
creating my own IPrincipal/IIdentity objects). But the question is how to
implement those permissions. I've been looking at the .NET Security API where
there are classes such as IPermission, SecurityPermission, PermissionSet.... but
is this something I can use here? If so, how?
Any input or links to articles, resources, code, etc. is highly appreciated. It
is the most important part of our (portal) application and we need to have a
good, secure and solid solution sooner or later (preferably sooner than later
since we're still in the design/demo phase of it).

Also, does anybody have some input on how to store these permission-links in the
database structure? I may have some ideas, but as long as I'm missing the big
picture it's quite difficult.

Thanks for any response.
Re: Custom security framework with permissions
Tue, 1 Apr 2008 18:47:32 +0000
I would suggest looking into extending the RoleProvider or MembershipProvider to
meet your needs.  Sometimes the default providers won't meet exactly what you
need.  Create your own class and extend the providers to see what each class
needs to override.  I've found myself not using the
MembershipProvider sometimes, b/c it was not needed.
Re: Custom security framework with permissions
Wed, 2 Apr 2008 09:42:18 +0000
Oh yes, of course I will need to extend those providers. The Roles need to
support role hierarchy, the principal needs to provide a method like
"HasPermission" etc...
But that doesn't resolve my "Security.Permissions" framework
structure. I need to find a way to make the permissions structure work :D
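One way to model what the thread describes (nested roles, per-role allow/deny entries, deny anywhere wins, and a principal with a `HasPermission` method), as an added example that is not code from any of the posters. `Grant`, `PermissionStore` and `PermissionPrincipal` are hypothetical names, the two dictionaries stand in for database tables, and treating "no entry at all" as no access is an assumption.

```csharp
using System.Collections.Generic;
using System.Security.Principal;

public enum Grant { Allow, Deny }

// Hypothetical in-memory store. In the application these two maps would be loaded
// from tables such as RoleParent(role, parent) and RolePermission(role, permission, grant).
public sealed class PermissionStore
{
    public readonly Dictionary<string, List<string>> Parents = new Dictionary<string, List<string>>();
    public readonly Dictionary<string, Dictionary<string, Grant>> Grants = new Dictionary<string, Dictionary<string, Grant>>();
}

public sealed class PermissionPrincipal : IPrincipal
{
    private readonly HashSet<string> _roles = new HashSet<string>();
    private readonly PermissionStore _store;

    public PermissionPrincipal(IIdentity identity, IEnumerable<string> directRoles, PermissionStore store)
    {
        Identity = identity;
        _store = store;
        // Expand the direct roles to every ancestor role; HashSet.Add returning
        // false means the role was already visited, which also stops cycles.
        var pending = new Stack<string>(directRoles);
        while (pending.Count > 0)
        {
            var role = pending.Pop();
            if (!_roles.Add(role)) continue;
            if (store.Parents.TryGetValue(role, out var parents))
                foreach (var parent in parents) pending.Push(parent);
        }
    }

    public IIdentity Identity { get; }
    public bool IsInRole(string role) => _roles.Contains(role);

    // A Deny on any role in the hierarchy wins; without an explicit Allow the answer is no.
    public bool HasPermission(string permission)
    {
        bool allowed = false;
        foreach (var role in _roles)
        {
            if (!_store.Grants.TryGetValue(role, out var grants)) continue;
            if (!grants.TryGetValue(permission, out var grant)) continue;
            if (grant == Grant.Deny) return false;
            allowed = true;
        }
        return allowed;
    }
}
```

A principal like this can be assigned to `HttpContext.Current.User` once the request is authenticated, so pages and webparts can cast the current user and call `HasPermission` before rendering or performing an action.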