Hi. Lets say i have an asp.net site wtih forms authentication, where the username and password are checked against values stored in a table, all done via https so the password data cant fall into the wrong hands. once the user is authenticate this is my idea:
each user has a status, stored in the status column of the users table : Admin or RegularUser.
if the user status is an Admin, and clicks on something that returns encrypted data, a sproc checks the user has admin status and uses impersonation to impersonate a login that has control to use the encryption key that encrypted the data. so the data is returned unencrypted.
is this a valid way of using encryption via asp.net, or are their security issues?