document-management

I already know about User and Role-based security in ASP.NET MVC. But now I need something a little more granular. Let's say I have a list of documents, some of which the user is authorized for, some not. Each document has a corresponding record in a documents table in a database. Documents can be downloaded for viewing, if the user has security access. Documents can also be added, if you have the role. Each document has an URL, and each document list has an URL. I would like to security trim the list so that the user only sees those documents for which he is authorized. But I also need to

The requirements for my document management system were: Must be secure from theft by simple copying of directories, files etc. Must be secure against traditional virus infection (infection of physical file) Must be fast to retrieve The repository must not be visible to casual (directory) browsing users etc. I have decided to store all documents (and scanned images) as blobs in the database and so far my experience is wonderful and document retrieval is blindingly fast as well - it meets all the criteria from above and there are even a couple of additional advantages, such as autostoring