.Net Application Roles Authorization Using Active Directory Groups

I am new to both .net and Active Directory (AD) so this may be a simple answer but I have been searching开发者_高级运维 the web and MSDN library for hours and find bits and pieces for what I'm looking to do but am not sure how to pull them all together. I am developing an intranet .net app and want to authenticate and authorize users based on their Windows network username logon against 2 AD groups. I want the application to allow users in ADusergroup1 to see all pages of the app and users in ADusergroup2 to see a restricted number of pages of the app.

From what I have read, it seems the best way to do this is by setting <authenticationmode="Windows"/>, using <rolemanager> to define roles based on the AD groups, and defining <authorization> per location path based on the defined roles. However, I'm still uncertain how to define and use the roles using <rolemanager>. Does someone have an example of a web.config file to do this? And once this is defined in the web.config file, does anything else need to be done in the app code?

Thanks.

There were many questions about AD and role provider like this, try to search first.