Hello All,

 I'm having an issue with my sitemap menu not trimming the menu items.

Now let me start by saying this all worked fine under IIS 5.1.  When we put this out on IIS 6.0 all the menu items show up regardless of the roles stated and the matching roles  and authorization settings on the web.config files.

Here is my web.config file... its huge so I'm trimming it down to only what is necessary for this post...

1                   <authentication mode="Windows">
2    			<forms timeout="40"/>
3    		</authentication>
4    		<authorization>
5    			<deny users="?"/>
6    		</authorization>
7    		<roleManager enabled="true" defaultProvider="SqlRoleManager">
8    			<providers>
9    				<clear/>
10   				<add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="MIS_StratConnectionString" applicationName="MisReporingPortal"/>
11   			</providers>
12   		</roleManager>
13   		<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
14   			<providers>
15   				<add name="XmlSiteMapProvider" description="Default SiteMap Provider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
16   			</providers>
17   		</siteMap>

 Here is the Web.Sitmap file in its entirety

1    
2    <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
3      
4      <siteMapNode url="" title=""  description="" roles="*">
5        <siteMapNode url="Default.aspx" title="Home" roles="*"/>
6        <siteMapNode url="Reports/Summary.aspx" title="DashBoard" roles="Administrators, Users">      
7        </siteMapNode>
8        <siteMapNode url="" title="Analysis"  description="List of Reports" roles="*">
9          <siteMapNode url ="" title="P & L" description="P & L" roles="Administrators, Users">
10           <siteMapNode url="Reports/178_Reports.aspx" title="P & L (178)"  description="P & L Reports" roles="Administrators, Users" />
11           <siteMapNode url="Reports/NwpOueAnalysis.aspx" title="P & L Comparison Analysis" roles="Administrators, Users" />
12         </siteMapNode>
13         <siteMapNode url="" title="Premiums"  description="Premium Reports" roles="Administrators, Users">
14           <siteMapNode url="Reports/WPremium.aspx" title="Written Premiums"  description="Premium Analysis" roles="Administrators, Users" />        
15         </siteMapNode>
16         <siteMapNode url="Reports/Loss.aspx" title="Loss"  description="Loss Reports" roles="Administrators, Users"/>
17         <siteMapNode url="Claims/ClaimsDashboard.aspx" title="Claims Dashboard"  description="Claims Dashboard" roles="Administrators, ClaimsAdministrators, ClaimsUsers"/>
18       </siteMapNode>
19       
20       <siteMapNode url="" title="Tools" description="Other Tools" roles="*">
21         <siteMapNode url="http://misportal.ace-ina.com/aceina/browse" title="FinMIS/Genius Portal" roles="*"/>
22         <siteMapNode url="http://uslibappd02.ace-ina.com/webdiver/bbdd/mainLogin.asp" title="Premium and Loss Drill Down" roles="*"/>
23         <siteMapNode url="http://uslibappd02/webdiver/armdd/bbdd1.asp" title="ARM Premium and Loss Account Drill Down" roles="*"/>
24         <siteMapNode url="http://uslibappd02.acetst.com/webdiver/aledd/mainLogin.asp" title="Claim ALE Drill Down" roles="*"/>
25         <siteMapNode url="http://uslibintv23.acetst.com/webdiver/inland/userinfo.asp" title="Inland Marine Drill Down" roles="*"/>
26         <siteMapNode url="http://uslibintv23.acetst.com/modecodes/modevwr.asp" title="Mode Codes" roles="*"/>
27         <siteMapNode url="http://policyinquiry.ace-ina.com/Menu.aspx" title="OPS/MIS Policy Inquiry" roles="*"/>      
28         <siteMapNode url="http://workspace.ace-ina.com/MISIMPL/WorkSpace/QuarterlyBook/default.aspx" title="Quarterly Books" roles ="*" />
29       </siteMapNode>
30       <siteMapNode url="Contact.aspx" title="Contact Us" roles="*"/>
31       <siteMapNode url="About.aspx" title="About"  description="Info regarding the MIS Reporting Portal" roles="*" />
32       <siteMapNode url="" title="Admin"  roles="Administrators, FinanceAdministrators, ClaimsAdministrators">      
33         <siteMapNode url="Admin/UserManagement.aspx" title="User Administration"  roles="Administrators" />
34         <siteMapNode url="Claims/Admin/UserAdmin.aspx" title="Claim Handler Administration"  roles="Administrators, ClaimsAdministrators" />
35         <siteMapNode url="FinanceAdmin/FinancialReportStatus.aspx" title="Cycle Close Status"  roles="FinanceAdministrators, Administrators" />
36         <siteMapNode url="Admin/UsageSummary.aspx" title="Web Usage Tracking"  roles="Administrators" />  
37       </siteMapNode>
38     </siteMapNode>
39     
40   </siteMap>

Lets focus on the Admin menu here.  In the admin folder, I have a web.config file that looks like this...

1    <configuration>
2        <appSettings/>
3        <connectionStrings/>
4        <system.web>
5          <authorization>
6            <allow roles="Administrators"/>
7            <deny users="*"/>
8          </authorization>
9        </system.web>
10   </configuration>

Now, again, this works fine in IIS 5.1.  In 5.1, if I'm not an administrator, I won't see the Admin menu.  If I am an admin, I can see this.  Now once we moved this app to IIS 6.0, all the menu items show up even if you are not an admin.  Is there something I'm missing here?  Can any one help?

Thanks in advance.