I had a request come that asked to use NT Groups for access to pages.
After doing some searching I was able to get it to work using the following:
<authentication mode="Windows" /> <identity impersonate = "true" /> <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" /> <authorization> <allow roles="{domainname}\{NTGroup}" /> <deny users="*" /> </authorization>
The key item is the roleManager. By adding the tag it knows to use windows groups.
Also I changed the domainname and NTGroup to the group that was used for access.