You're right to call this a work around. Since you're using ASP and AD, wouldn't it be easier (perhaps a little more sophisticated) to have a common function called when each page loads that checks the groups the authenticated user belongs to. There are a lot of scripts available to return the information directly from server-side code without having to go through all the SQL Server configurations and making the additional database call to check AD. Here's one example:
Option Explicit
' NOTE: Replace YOUR_DOMAIN in the Select statement with the name of your AD Domain
Dim strGroup 'The AD group being checked
Dim strMessage
Dim GroupDN
Dim oConn, oCmd, oRS
Dim oGroup, oMember
strGroup = "AD Group Name"
Const ADS_SCOPE_SUBTREE = 2
Set oConn = CreateObject("ADODB.Connection")
Set oCmd = CreateObject("ADODB.Command")
oConn.Provider = "ADsDSOObject"
oConn.Open "Active Directory Provider"
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Page Size") = 1000
oCmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE
'Return all the members of the group
oCmd.CommandText = "SELECT distinguishedName FROM 'LDAP://dc=YOUR_DOMAIN,dc=com' WHERE objectCategory = 'group' And CN = '" & strGroup & "'"
Set oRS = oCmd.Execute
oRS.MoveFirst
Do Until oRS.EOF
GroupDN = oRS.Fields("distinguishedName").Value
Set oGroup = GetObject("LDAP://" & GroupDN)
For Each oMember In oGroup.Members
strMessage = strMessage & oMember.sAMAccountName & chr(13)
Next
oRS.MoveNext
Loop
msgbox strMessage, vbInformation, "Members of [" & strGroup & "]"
' Clean up
Set oMember = Nothing
Set oGroup = Nothing
Set oRS = Nothing
Set oCmd = Nothing
Set oConn = Nothing
This script will display the members of an AD group in a message box. It can easily be modified and put into a common function that checks if the authenticated user belongs to a particular group(s) and return True or False to the calling page.