What is the best way to allow/deny users to perform specific activites?

[TayneC8]

I want to use built-in ASP.NET membership mechanism but it seems not enough to me. It only allows people to do a bunch of tasks(roles). I can allow a person but it seems hard to deny one ie; allow people in accounting dept. to see sensitive info but how to deny a specific person from that dept.? I have to create AccountDept and AccountDeptNoSensitiveData roles and so on... If there are many activities than it will be a mess.Old classic Groups and Users with Allow/Deny mechanism is much better in my situation. However I don't want to reinvent something already invented before if any and that's what I'm asking for here: For forms based authentication, is there any extended variant of ASP.NET Membership mechanism or another good "framework/boilerplate/readymade" which one allows me to authorize/deny people to do tasks in my app?