I have this sitemap:

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns=""&gt;
    <siteMapNode url="" title="Google" roles="*" />
    <siteMapNode url="" title="Zdnet" roles="NonExistingRole" />
    <siteMapNode url="" title="Microsoft" roles="*" />
    <siteMapNode url="" title="Bing" roles="*" />

I am using a custom roleprovider configured like this (this works whenever I call for example the GetRolesForUser method):

 <authentication mode="Windows"/>
<roleManager enabled="true" defaultProvider="MyProvider">
     <add name="MyProvider" type="CustomProviders.MyTestRoleProvider, CustomProviders, Version=, Culture=neutral"/>

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>

What I expect is that the node with roles="NonExistingRoles" would not get visualized but it does. How to solve this problem?

Also do I need to turn on ?

+2  A: 

Apparently it's because the root siteMapNode also needs a roles attribute set to * like this:

<siteMapNode roles="*">
Nyla Pareska