With the new Navigation controls in ASP.NET 2.0 you can easily setup security trimming with any provider you choose to use and a web.sitemap file or any other datasource you posses that can give you a menu structure.
I would provide a link to a sample on the net by Scott Gu the ASP.NET guru.
The samples include using both sql server and Windows Authentication
But when setting up this nice and easy handy stuff there are some issues :
1)You will not see your menu listed (nothing will appear)when your root Url is empty like below
<siteMapNode title="Home">
You will need to have a url node like so :
<siteMapNode url="default.aspx" title="Home">
<location path="Admin">
<system.web>authorization>
<allow roles="IT,Managers"/>
<deny users="*"/>
<authorization>
<system.web>
</location>
This is what the provider will use to determine the authorization of each folders or files listed in your project
The above means only the roles IT and Managers would have access to the Admin folders you can also have a page set in there.
Although if you have the roles set below for the somepage.aspx like below
<siteMapNode url="somepage.aspx" title="Employee" roles="IT,Managers,Support />
If someone in a Support role logs in he would be able to see the somepage.aspx but when he/she clicks on it and try to login he would be denied access based on the authorization tag you declared above.
So you will notice that the security trimming is definitely done on the sitemapNode and the Url and if a user doesn't belong to a specific role not specified you won't see the link.
Hope this helps and happy coding 
posted @ Thursday, January 10, 2008 6:31 PM