Custom HTTP handler for security

Is it possible to write a .Net custom HTTP handler that implements role-based security and strips the response of any elements that the user is not authorized to view. I was thinking of using reflection and maybe a small security ap开发者_Go百科p that loads all of the forms elements and allows an administrator to check whether a certain role is entitled or not to view each UI element. I would then persist this to a datastore and read it back in when formatting the response with reflection (maybe custom attributes would work?). Can someone please point me in the right direction? I am not a very experienced developer so the solution has to be relatively simple to implement. Thanks