Configuring AspNetWindowsTokenRoleProvider

[Waynest]

Ahoy shipmates

I'm developing an app for internal use and I want the logins and menu control (sitemap driven) display to be determined by membership of Active Directory groups

I'm familiar with forms authentication sites but this is the first AD one I've done

Now, based on what I've found on MSDN I've got these lines in my web.config

<authentication mode="Windows">
</authentication>

<authorization>
<deny users="?"/>
</authorization>

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider "
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>


If I use Context.User.IsInRole(AD group name) I am getting membership of groups correctly for the logged in user, so thats fine.

But my menu control is not populated at all, so the sitemap doesnt appear to be hooking up to the AD groups

I feel I'm missing something in the web.config

Any ideas?

Thanks!