You're right to call this a work around. Since you're using ASP and AD, wouldn't it be easier (perhaps a little more sophisticated) to have a common function called when each page loads that checks the groups the authenticated user belongs to. There are a lot of scripts available to return the information directly from server-side code without having to go through all the SQL Server configurations and making the additional database call to check AD. Here's one example:

Option Explicit

' NOTE: Replace YOUR_DOMAIN in the Select statement with the name of your AD Domain

Dim strGroup 'The AD group being checked

Dim strMessage

Dim GroupDN

Dim oConn, oCmd, oRS

Dim oGroup, oMember

strGroup = "AD Group Name"

Const ADS_SCOPE_SUBTREE = 2

Set oConn = CreateObject("ADODB.Connection")

Set oCmd = CreateObject("ADODB.Command")

oConn.Provider = "ADsDSOObject"

oConn.Open "Active Directory Provider"

Set oCmd.ActiveConnection = oConn

oCmd.Properties("Page Size") = 1000

oCmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'Return all the members of the group

oCmd.CommandText = "SELECT distinguishedName FROM 'LDAP://dc=YOUR_DOMAIN,dc=com' WHERE objectCategory = 'group' And CN = '" & strGroup & "'"

Set oRS = oCmd.Execute

oRS.MoveFirst

Do Until oRS.EOF

GroupDN = oRS.Fields("distinguishedName").Value

Set oGroup = GetObject("LDAP://" & GroupDN)

For Each oMember In oGroup.Members

strMessage = strMessage & oMember.sAMAccountName & chr(13)

Next

oRS.MoveNext

Loop

msgbox strMessage, vbInformation, "Members of [" & strGroup & "]"

' Clean up

Set oMember = Nothing

Set oGroup = Nothing

Set oRS = Nothing

Set oCmd = Nothing

Set oConn = Nothing

This script will display the members of an AD group in a message box. It can easily be modified and put into a common function that checks if the authenticated user belongs to a particular group(s) and return True or False to the calling page.