Role security with active directory

It's already built into AD authentication. If you are authenticating against the AD, either via NTLM logins or an AD connected forms authentication setup then the thread identity will contain the groups the user belongs to, and the role based parts of the sitemap control will work.

Specifically you use the WindowsTokenRoleProvider. This is a one way role manager (you can't add people to groups - you have to use the AD tools for that. The use the sitemap's built in support for trimming site maps according to role.


Yes, you can use a RoleManager. Have a look at http://msdn.microsoft.com/en-us/library/ms998314.aspx