Mimicing Active Directory and NTFS file permissions?

Hi all,

I'm working with an Intranet site that currently has several hundred users accessing a few thousand pages organized in various folders (departments). Currently, for security, Active Directory groups are setup (one for each department) and then that group is added to the Security tab for the department folder on the website. Therefore, if access needs to be granted/removed, it's as simple as adding an employee to an active directory group.

Also, this ensures users don't have to login when they visit the site (unless they try to access an area in which they don't have access, then they're prompted with a login box).

This has been working great; however, the developers of the site are no longer able to add/remove active directory groups (not a technical issue - politics issue).

So essentially what I need to do is change the setup of the site to mimic the way it is setup now. What I figured I could do was setup an Access database where I define each username and then associated access rights, then put a line of code on each page to check said database before loading the page and if the user does not have access to call a response.redirect. However, I have a few reservations:

First, am I thinking along the right path for this being the most secure way to accomplish this? Are there any immediate security issues this solution could pose?

Second, I would of course need to setup individual groups that could only access individual folders. Could this be accomplished using ASP? Can you specify individual folder access, or would I need to go into each file and specify which group it should be a part of (essentially, what department each file belongs to)?

If you all know of any working examples out there, I'd love to take a look at them. I've scoured a few of the scripts sites, and all mention login systems that require setup of usernames/passwords, which I need to avoid. I just need to get the LOGON_USER, associate that with access rights, and then only allow that user to see those respective pages on the site.

Any help, guidance, and assistance on this topic is greatly appreciated!

I doubt you'll ever be able to reach the same level of security that you get with AD/NTFS.