I have used very similar generic functionality in the past, using pretty good free code called SQSecurity.
This is based on using an IIS-ASP (Windows) web server, and a database.

You may want to download that, and perhaps plagerize a few ideas. Cheers.