Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP) is a static code analyzer for classic ASP VBScript code that can help identify pages that might have a sql injection vulnerability.
That tool seems to only support vbscript ("The tool understands only ASP code that is written in VBScript"), and I think it only supports Classic ASP even for VBscript. I'm wondering if there is a tool with a similar approach capable of working with ASP.NET code, especially C# ASP.NET code.
You could take a look at the Microsoft Code Analysis Tool for .Net (CAT.NET) You can find a download here http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en
Also it's discussed on the Microsoft Security Tools Blog