ASP.NET security trimming problem no fine grained control possible?

Question

I have this sitemap:

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0"&gt;
  <siteMapNode>
    <siteMapNode url="www.google.com" title="Google" roles="*" />
    <siteMapNode url="www.zdnet.com" title="Zdnet" roles="NonExistingRole" />
    <siteMapNode url="www.microsoft.com" title="Microsoft" roles="*" />
    <siteMapNode url="www.bing.com" title="Bing" roles="*" />
  </siteMapNode>
</siteMap>

I am using a custom roleprovider configured like this (this works whenever I call for example the GetRolesForUser method):

 <authentication mode="Windows"/>
<roleManager enabled="true" defaultProvider="MyProvider">
    <providers>
     <clear/>
     <add name="MyProvider" type="CustomProviders.MyTestRoleProvider, CustomProviders, Version=1.0.0.0, Culture=neutral"/>
    </providers>
</roleManager>

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
  <providers>
    <clear/>
    <add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
  </providers>
</siteMap>

What I expect is that the node with roles="NonExistingRoles" would not get visualized but it does. How to solve this problem?

Also do I need to turn on ?

Answer 1

Apparently it's because the root siteMapNode also needs a roles attribute set to * like this:

<siteMapNode roles="*">