+1  A: 

I had to set securityTrimmingEnabled to "true" in my web.config file.

<?xml version="1.0"?>
<configuration>
    ...
    <system.web>
        ...
        <siteMap defaultProvider="default">
            <providers>
                <clear/>
                <add name="default"
                    type="System.Web.XmlSiteMapProvider"
                    siteMapFile="web.sitemap"
                    securityTrimmingEnabled="true"/>
            </providers>
        </siteMap>
        ...
    </system.web>
    ...
</configuration>
Zack Peterson
+1  A: 

I'm not sure how this question is any different than your other question, but I'll try to answer it anyways.

If you want a tutorial on how to implement role-based authentication, check out the one from 4GuysFromRolla.

Kevin Pang
+1  A: 

securityTrimmingEnabled="true" works for internal pages that have a config file restricting permissions, you can also add role="SomeRole" in the sitemap to ovveride the display mechanism, which is useful if you have menu items to external sites.

Nicholas