Since you’re coming from an ASP.NET background, probably the most specifically focused book on the subject of security/authorization within the ASP.NET framework is:

Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB

(or it’s previous editions that target ASP.NET 2.0 etc.)

There is also the older:

Programming .NET Security

However, these books will simply detail the existing authentication and authorization mechanisms as they exist within ASP.NET membership model and, as you say, are heavily based upon a user/role setup.

If you’re looking to stay specifically within the Microsoft/.NET world, one thing that could be worth looking into the the federated security model that can be employed by technologies such as WCF (Windows Communication Foundation). This mechanism allows a relatively lightweight approach to security management and makes it easier to accomplish the kind of thing you’re after in your example (ProjectA: Editor / ProjectB: Photographer).

Some links on this are:

Federation (from MSDN)
Federation and Issued Tokens
patterns & practices: WCF Security Guidance
Learning WCF Book – Federated Security Section

If you’re after a more general or generic approach to security and authentication/authorization mechanisms that is fairly platform agnostic, some good resources / books would be:

Designing Security Architecture Solutions
(This book details different security concepts and architectures not only for authenticating/authorizing users but also for concepts such as code access security)

There is also:

Enterprise Security Architecture: A Business-Driven Approach
(As it’s name suggests, it’s a bit more “business” focused, and does primarily focus on the SABSA (Sherwood Applied Business Security Architecture) methodology)