How do you do business-logic-level access control in C#? I started tinkering with a simple system last night that lives inside LINQ objects, but I realized that I'd never seen a particularly clean access control system. I'd like to know how the gurus do it and see if you spot any holes in my late-night toy.

I feel like I'm jumping through some unneeded hoops in order to build a flexible read-only access control object; it seems like there should be a prebuilt framework widget for this that I'm unaware of.

#region Simple Demo
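public class SomeObject
{
    // The policy is exposed read-only: the original public field let any caller
    // assign a permissive AccessControl and bypass the check in ObjectFactory.
    // It is assigned exactly once, from the constructor.
    public AccessControl AccessControl { get; private set; }

    public SomeObject()
    {
        ConfigureAccessControl();
    }

    // Builds the per-type policy once. NOTE(review): this demo table grants
    // every role, including Anonymous, both read and write, so nothing is
    // ever denied by it - tighten these flags before using it for real.
    private void ConfigureAccessControl()
    {
        AccessControlBuilder acb = new AccessControlBuilder();
        acb.AddRole(UserTypes.Admin, true, true);
        acb.AddRole(UserTypes.Anonymous, true, true);
        acb.AddRole(UserTypes.Owner, true, true);
        acb.AddRole(UserTypes.User, true, true);
        AccessControl = acb.GetAccessControl();
    }
}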

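public class ObjectFactory
{
    private readonly int _requestingUserId;

    /// <summary>
    /// Creates a factory whose every request is authorized as
    /// <paramref name="RequestingUserId"/>.
    /// </summary>
    public ObjectFactory(int RequestingUserId)
    {
        _requestingUserId = RequestingUserId;
    }

    /// <summary>
    /// Returns a <see cref="SomeObject"/> if the requesting user is allowed to read it.
    /// </summary>
    /// <exception cref="UnauthorizedAccessException">
    /// The object's policy denies <see cref="UserActions.Read"/> to the requesting user.
    /// Derives from <see cref="Exception"/>, so existing catch blocks still match.
    /// </exception>
    public SomeObject GetSomeObject()
    {
        SomeObject sso = new SomeObject();
        // Fail first, then hand back the instance that was actually checked;
        // the original built a second, unchecked SomeObject on the success path.
        if (!sso.AccessControl.UserAllowed(_requestingUserId, UserActions.Read))
            throw new UnauthorizedAccessException("Unauthorized Access");
        return sso;
    }
}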
#endregion

#region AccessControl Code
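public class AccessControl
{
    // UserTypes -> AccessControlSettings. Copied at construction so nobody holding
    // the builder's table can change the policy after it has been handed out.
    private readonly Hashtable _data;

    /// <summary>Wraps a role table produced by <see cref="AccessControlBuilder"/>.</summary>
    /// <param name="data">Role-to-settings map; null is treated as an empty (deny-all) table.</param>
    public AccessControl(Hashtable data)
    {
        _data = data == null ? new Hashtable() : new Hashtable(data);
    }

    /// <summary>
    /// True only if the role resolved for <paramref name="UserId"/> has explicitly
    /// been granted <paramref name="Action"/>. Every gap - role not in the table,
    /// unrecognised action - is a denial. The original stub returned true
    /// unconditionally, i.e. it failed open.
    /// </summary>
    public bool UserAllowed(int UserId, UserActions Action)
    {
        AccessControlSettings settings = Role(DetermineRole(UserId));
        if (settings == null)
            return false; // role was never configured: deny

        switch (Action)
        {
            case UserActions.Read:
                return settings.Read;
            case UserActions.Write:
                return settings.Write;
            default:
                return false; // unknown action: deny
        }
    }

    /// <summary>
    /// Hook for the app-specific role resolution (is the user an admin, the
    /// owner, logged in, ...). This base implementation knows nothing about
    /// users, so it reports the least-privileged role. Override it instead of
    /// editing <see cref="UserAllowed"/>, which must stay deny-by-default.
    /// </summary>
    protected virtual UserTypes DetermineRole(int UserId)
    {
        return UserTypes.Anonymous;
    }

    /// <summary>Settings configured for <paramref name="ut"/>, or null if none were added.</summary>
    protected AccessControlSettings Role(UserTypes ut)
    {
        return (AccessControlSettings)_data[ut];
    }
}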
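public class AccessControlBuilder
{
    private readonly Hashtable _data = new Hashtable();

    /// <summary>Records the read/write grant for one role. Each role may be added once.</summary>
    /// <exception cref="ArgumentException">
    /// The role was already added (propagated from <see cref="Hashtable.Add"/>).
    /// </exception>
    public void AddRole(UserTypes ut, bool read, bool write)
    {
        _data.Add(ut, new AccessControlSettings(read, write));
    }

    /// <summary>
    /// Snapshots the roles added so far. A copy is handed over, so later
    /// <see cref="AddRole"/> calls on this builder cannot alter a policy that
    /// is already in use (the original shared the live table).
    /// </summary>
    public AccessControl GetAccessControl()
    {
        return new AccessControl(new Hashtable(_data));
    }
}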
/// <summary>The operations a policy can grant or deny on an object.</summary>
public enum UserActions
{
    /// <summary>Read the object.</summary>
    Read = 0,
    /// <summary>Modify the object.</summary>
    Write = 1
}
/// <summary>The roles a requesting user can be resolved to.</summary>
public enum UserTypes
{
    /// <summary>Site administrator.</summary>
    Admin = 0,
    /// <summary>Owner of the object being accessed.</summary>
    Owner = 1,
    /// <summary>Logged-in user.</summary>
    User = 2,
    /// <summary>Not logged in.</summary>
    Anonymous = 3
}
/// <summary>
/// Immutable read/write grant for one role. Both flags are fixed by the
/// constructor, which is what lets the builder be the only place they are set.
/// </summary>
public class AccessControlSettings
{
    /// <summary>Whether the role may read.</summary>
    public bool Read { get; private set; }

    /// <summary>Whether the role may write.</summary>
    public bool Write { get; private set; }

    public AccessControlSettings(bool read, bool write)
    {
        Read = read;
        Write = write;
    }
}
#endregion
A: 

Why don't you use Reflector (or download the source from Microsoft) to see how the ASP.NET Membership classes function. That should give you an idea of "how the pros do it".

Mystere Man
I'm trying to do access control at the business-object level, not implement any kind of membership system.
Really? I don't think you know what a membership system is... it works a lot like the code you posted.
Mystere Man