The site I'm working on is mid-sized, 3 developers, a few thousand users, and is very critical to the small business running it. So what I'm getting at is, this is not a Fortune 500 company, but is a serious enterprise needing to implement role-based security in a time/budget efficent way that is still pretty simple to use and has a high-degree of security.
The site will praimrily be custom coded, but we want to efficiently leverage components wherever we can. There will be about 6 roles (buyer, seller, admin, partner, etc.), most will be external users so we anticipate a form where they enter uername, pw, etc. We'll most likely store user info in a SQL Server table.
I'd like your thoughts on the best technology to use for role-based security, hopefully based on your real-world experience.