One of the things we're dealing with here is application security and authorization for users (authentication).
Craig McMurtry has a great series on implementing application security using AD (Active Directory) and ADAM(AD application mode) in which you use the organization's active directory to add user permissions to stuff.
It's divided to parts,
(lots of parts in the middle...)
looks very promising.