You're right to call this a work around. Since you're using ASP and AD, wouldn't it be easier (perhaps a little more sophisticated) to have a common function called when each page loads that checks the groups the authenticated user belongs to. There are a lot of scripts available to return the information directly from server-side code without having to go through all the SQL Server configurations and making the additional database call to check AD. Here's one example:
' NOTE: Replace YOUR_DOMAIN in the Select statement with the name of your AD Domain
Dim strGroup 'The AD group being checked
Dim oConn, oCmd, oRS
Dim oGroup, oMember
strGroup = "AD Group Name"
Const ADS_SCOPE_SUBTREE = 2
Set oConn = CreateObject("ADODB.Connection")
Set oCmd = CreateObject("ADODB.Command")
oConn.Provider = "ADsDSOObject"
oConn.Open "Active Directory Provider"
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Page Size") = 1000
oCmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE
'Return all the members of the group
oCmd.CommandText = "SELECT distinguishedName FROM 'LDAP://dc=YOUR_DOMAIN,dc=com' WHERE objectCategory = 'group' And CN = '" & strGroup & "'"
Set oRS = oCmd.Execute
Do Until oRS.EOF
GroupDN = oRS.Fields("distinguishedName").Value
Set oGroup = GetObject("LDAP://" & GroupDN)
For Each oMember In oGroup.Members
strMessage = strMessage & oMember.sAMAccountName & chr(13)
msgbox strMessage, vbInformation, "Members of [" & strGroup & "]"
' Clean up
Set oMember = Nothing
Set oGroup = Nothing
Set oRS = Nothing
Set oCmd = Nothing
Set oConn = Nothing
This script will display the members of an AD group in a message box. It can easily be modified and put into a common function that checks if the authenticated user belongs to a particular group(s) and return True or False to the calling page.