Complicated Custom Authentication/Authorization scheme question, Please HELP!


I am writing a web application that needs to authenticate and
authorize users against an existing database of users, groups, and
The difference between this and other typical applications is that the
SQL data store is not known at development or configuration time, i.e.
the user is presented with a list of sites he/she can sign on to, and
based on the selected application, the server name, database name, and
SQL login info is set. The list and its associated info is derived
from an XML file stored within a virtual directory.
I have already written a custom MembershipProvider that has a method:
ConnectToStore(Server As String, DBName As String, UserID As String,
Password As String)
which I call from the Login.Authenticate event handler on the login
page. This works great as it successfully authenticates the users as
My challenge is to implement the RoleProvider so that it uses a
similar scheme, i.e. I can set the connection string for the roles
data store before it attempts to connect to the database to get the
roles. It is not clear to me where I should call its version of the
ConnectToStore() method. I have already written and tested a version
of the provider with hard-coded values for testing, and it works. I
now need to plug it into the data store...

So how can I set the connection string for the RoleProvider module
before it kicks in? Any other suggestions as to how best to implement
this functionality?
NOTE: I must continue to use the XML file that contains the list of
applications and their connection info, i.e. I cannot store the
connectin strings in the web.config file.

Thanks in advance
Ali M.