|What I am suggesting is that you totally get rid of form based authentication. You should just have windows authentication. This will eliminate all the need to maintain uses in database.
If you are managing roles and rights in database you can either move that to active directory where each role will be transformed to an AD group and based on group you set rights in code. If this is not feasible, keep authentication windows based but have authorization done in code through database tables.
Here[^] is a blog that shows how to implement windows authentication with database based authorization.
"You'd have to be a floating database guru clad in a white toga and ghandi level of sereneness to fix this goddamn clusterfuck.", BruceN