I see what you have done, and the example is perfectly valid for demonstration purposes, and well written. I just want to emphasize best practices.

There might be a need to write you own .net security class code to encrypt the password at the client or middle tier to keep the decrypted one away from the database, but writing a CLR to do that then defeats the purpose. You should use passphrase/keys , and not CLR code for that.

Also easier and more manageable to create check constraints rather than stored procs for validation.