You use the WindowsTokenRoleProvider with ASP.NET applications that use Windows authentication. It is a read-only provider that retrieves role information for a Windows user based on Windows security groups.
<!--
Windows TokenRole Provider
You use the WindowsTokenRoleProvider with ASP.NET applications that use
Windows authentication. It is a read-only provider that retrieves role
information for a Windows user based on Windows security groups. You cannot
create, add to, or delete roles with this provider. Instead, you must use the
Windows Computer Management or Active Directory Users and Computers
administration tools.
The Windows security system acts as role store for this
provider, so no additional configuration is required to set up the role store.
http://msdn.microsoft.com/en-us/library/ff647401.aspx
-->
<authentication mode="Windows" />
<roleManager enabled="true"
cacheRolesInCookie="true"
cookieName=".roles"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All"
defaultProvider="AspNetWindowsTokenRoleProvider"
createPersistentCookie="false"
maxCachedResults="25" />