Here's my custom Windows Server 2003 Authorization Manager Role Provider:

 

using System;
using System.Collections;
using System.Configuration;
using System.Web;
using System.Web.Security;

using AZROLESLib;

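/// <summary>
/// ASP.NET <see cref="RoleProvider"/> backed by a Windows Authorization Manager
/// (AzMan) policy store. Each ASP.NET role is represented by an AzMan
/// application group with the same name, plus an AzMan role that has that
/// group as its member.
/// </summary>
/// <remarks>
/// Errors surface as <see cref="HttpException"/>, matching the rest of this
/// file. The provider makes authorization decisions, so every failure path is
/// expected to throw rather than be swallowed: a silently failed grant,
/// revoke or store initialization leaves the caller with a wrong picture of
/// who holds which role.
/// </remarks>
public class AuthorizationManagerRoleProvider: RoleProvider
{
    private string name;
    private string applicationName;
    private string storeLocation;
    private AZROLESLib.AzAuthorizationStore store;

    // Flag for the (currently disabled) CloseApplication call; kept for when it is re-enabled.
    private const int AZ_AZSTORE_FORCE_APPLICATION_CLOSE = 0x10;

    /// <summary>
    /// Creates an unconfigured provider; <see cref="Initialize"/> must run before use.
    /// </summary>
    public AuthorizationManagerRoleProvider()
    {
    }

    /// <summary>
    /// Opens the configured AzMan application from the initialized store.
    /// </summary>
    /// <exception cref="InvalidOperationException">The store was never initialized.</exception>
    private AZROLESLib.IAzApplication OpenApplication()
    {
        if (this.store == null)
        {
            // Fail with a clear message instead of a NullReferenceException.
            throw new InvalidOperationException("The role provider has not been initialized.");
        }
        return this.store.OpenApplication(this.applicationName, null);
    }

    /// <summary>
    /// Placeholder for releasing the application. It is intentionally a no-op:
    /// the original close call is disabled, so callers' finally blocks are
    /// currently only structural.
    /// </summary>
    private void CloseApplication()
    {
        //this.store.CloseApplication(this.ApplicationName, 0);
    }

    #region Validation Routines
    /// <summary>
    /// Rejects user names that are null, empty, or contain a comma.
    /// </summary>
    /// <exception cref="HttpException">The name is empty or contains a comma.</exception>
    private void ValidateUserName(string userName)
    {
        if (StringUtility.IsEmpty(userName))
        {
            throw new HttpException("User names cannot be empty or null.");
        }
        // ">= 0", not "> 0": a comma in the first position must be rejected too.
        if (userName.IndexOf(',') >= 0)
        {
            throw new HttpException("User names cannot contain commas.");
        }
    }

    /// <summary>
    /// Applies <see cref="ValidateUserName"/> to every entry.
    /// </summary>
    private void ValidateUserNames(string[] userNames)
    {
        foreach (string userName in userNames)
        {
            this.ValidateUserName(userName);
        }
    }

    /// <summary>
    /// Rejects empty role names and, when <paramref name="shouldExist"/> is
    /// true, role names that are not present in the store.
    /// </summary>
    /// <param name="roleName">Role name to check.</param>
    /// <param name="shouldExist">True when the role is required to exist already.</param>
    /// <exception cref="HttpException">The name is empty, or a required role is missing.</exception>
    private void ValidateRoleName(string roleName, bool shouldExist)
    {
        if (StringUtility.IsEmpty(roleName))
        {
            throw new HttpException("Role names cannot be empty or null.");
        }

        // Always query the store so that store errors surface here, as before.
        bool exists = this.RoleExists(roleName);
        if (shouldExist && !exists)
        {
            throw new HttpException("Invalid role name.");
        }

        // NOTE(review): the opposite case (role exists but should not) is
        // deliberately not rejected; the "Duplicate role name." check was
        // disabled by the author, so a duplicate create is left to the store.
    }

    /// <summary>
    /// Applies <see cref="ValidateRoleName"/> to every entry.
    /// </summary>
    private void ValidateRoleNames(string[] roleNames, bool shouldExist)
    {
        foreach (string roleName in roleNames)
        {
            this.ValidateRoleName(roleName, shouldExist);
        }
    }
    #endregion

    /// <summary>
    /// Reads the "store" and "applicationName" settings and initializes the
    /// AzMan store.
    /// </summary>
    /// <param name="name">Provider name from configuration.</param>
    /// <param name="configuration">Provider attributes; "store" is the policy store location.</param>
    /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
    /// <exception cref="HttpException">The store setting is missing or the store cannot be opened.</exception>
    public override void Initialize(string name, System.Collections.Specialized.NameValueCollection configuration)
    {
        if (configuration == null)
        {
            throw new ArgumentNullException("configuration");
        }

        this.name = name;
        this.storeLocation = configuration["store"];
        this.ApplicationName = configuration["applicationName"];

        if (StringUtility.IsEmpty(this.storeLocation))
        {
            throw new HttpException("The role provider requires a 'store' setting.");
        }

        try
        {
            // Publish the store only once it has initialized successfully, so a
            // failed start never leaves a half-configured provider behind.
            AZROLESLib.AzAuthorizationStore openedStore = new AZROLESLib.AzAuthorizationStoreClass();
            openedStore.Initialize(0, this.storeLocation, null);
            this.store = openedStore;
        }
        catch (Exception e)
        {
            // Previously this was written to the console and dropped, which in
            // a web application hides the failure entirely. The store location
            // is kept out of the message; details stay in the inner exception.
            throw new HttpException("The Authorization Manager store could not be initialized.", e);
        }
    }

    /// <summary>Provider name supplied to <see cref="Initialize"/>.</summary>
    public override string Name
    {
        get
        {
            return this.name;
        }
    }

    /// <summary>Name of the AzMan application that holds the roles.</summary>
    public override string ApplicationName
    {
        get
        {
            return this.applicationName;
        }

        set
        {
            this.applicationName = value;
        }
    }

    /// <summary>
    /// Returns the members of <paramref name="roleName"/> whose name contains
    /// <paramref name="usernameToMatch"/> as a substring.
    /// </summary>
    public override string[] FindUsersInRole(string roleName, string usernameToMatch)
    {
        ArrayList usersInRole = new ArrayList();
        string[] users = this.GetUsersInRole(roleName);
        foreach (string userName in users)
        {
            if (userName.IndexOf(usernameToMatch) >= 0)
            {
                usersInRole.Add(userName);
            }
        }
        return (string[])usersInRole.ToArray(typeof(string));
    }

    /// <summary>
    /// Returns the names of all application groups in the AzMan application;
    /// these are the provider's roles.
    /// </summary>
    public override string[] GetAllRoles()
    {
        AZROLESLib.IAzApplication application = this.OpenApplication();
        string[] roleNames = null;
        try
        {
            AZROLESLib.IAzApplicationGroups roles = application.ApplicationGroups;
            int limit = roles.Count;
            roleNames = new string[limit];
            // The collection is indexed from 1, the result array from 0.
            for (int index = 1; index <= limit; index++)
            {
                // Direct cast: an unexpected item type fails here with a
                // descriptive InvalidCastException rather than a null dereference.
                AZROLESLib.IAzApplicationGroup currentRole = (IAzApplicationGroup)roles[index];
                roleNames[index - 1] = currentRole.Name;
            }
        }
        finally
        {
            this.CloseApplication();
        }
        return roleNames;
    }

    /// <summary>
    /// Returns every role whose member list contains <paramref name="userName"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): unlike <see cref="IsUserInRole"/>, the name is compared
    /// as given, without removing a "DOMAIN\" prefix. The two methods can
    /// therefore disagree for the same principal; confirm which form the
    /// store holds before relying on either for an access decision.
    /// </remarks>
    public override string[] GetRolesForUser(string userName)
    {
        ArrayList rolesForUser = new ArrayList();
        string[] roleNames = this.GetAllRoles();
        foreach (string roleName in roleNames)
        {
            string[] userNames = this.GetUsersInRole(roleName);
            foreach (string currentUserName in userNames)
            {
                // Ordinal comparison: account names are identifiers, so the
                // result must not depend on the thread culture or on
                // linguistic rules that ignore certain characters.
                if (string.Equals(userName, currentUserName, StringComparison.OrdinalIgnoreCase))
                {
                    rolesForUser.Add(roleName);
                }
            }
        }
        return (string[])rolesForUser.ToArray(typeof(string));
    }

    /// <summary>
    /// Returns the member names of the application group named
    /// <paramref name="roleName"/>, with duplicates removed.
    /// </summary>
    public override string[] GetUsersInRole(string roleName)
    {
        AZROLESLib.IAzApplication application = this.OpenApplication();
        string[] usersInRole = null;
        try
        {
            AZROLESLib.IAzApplicationGroup group = application.OpenApplicationGroup(roleName, null);
            object[] userNames = group.MembersName as object[];
            if (userNames == null)
            {
                // Defensive: treat a missing member list as "no members"
                // instead of dereferencing null.
                userNames = new object[0];
            }
            int limit = userNames.Length;
            usersInRole = new string[limit];
            for (int index = 0; index < limit; index++)
            {
                usersInRole[index] = userNames[index] as string;
            }
        }
        finally
        {
            this.CloseApplication();
        }
        return StringUtility.EliminateDuplicateArrayElements(usersInRole,true);
    }

    /// <summary>
    /// Reports whether <paramref name="userName"/> is a member of
    /// <paramref name="roleName"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): everything up to the first backslash is discarded before
    /// the comparison, so accounts with the same short name in different
    /// domains are treated as the same user. Confirm that this is acceptable
    /// for the deployment before using the result to grant access.
    /// </remarks>
    /// <exception cref="ArgumentNullException"><paramref name="userName"/> is null.</exception>
    public override bool IsUserInRole(string userName, string roleName)
    {
        if (userName == null)
        {
            throw new ArgumentNullException("userName");
        }

        string abbreviatedUserName = userName;
        int separator = abbreviatedUserName.IndexOf('\\');
        if (separator >= 0)
        {
            abbreviatedUserName = abbreviatedUserName.Substring(separator + 1);
        }

        string[] usersInRole = this.GetUsersInRole(roleName);
        foreach (string currentUserName in usersInRole)
        {
            // Ordinal, culture-independent match for an access decision.
            if (string.Equals(currentUserName, abbreviatedUserName, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Removes each user from each role. All names are validated, and every
    /// user must currently be in every role, before anything is changed.
    /// </summary>
    /// <exception cref="HttpException">A name is invalid or a user is not in a role.</exception>
    public override void RemoveUsersFromRoles(string[] userNames, string[] roleNames)
    {
        string[] uniqueUserNames = StringUtility.EliminateDuplicateArrayElements(userNames, true);
        string[] uniqueRoleNames = StringUtility.EliminateDuplicateArrayElements(roleNames, true);

        this.ValidateRoleNames(uniqueRoleNames, true);
        this.ValidateUserNames(uniqueUserNames);

        foreach (string userName in uniqueUserNames)
        {
            foreach (string roleName in uniqueRoleNames)
            {
                if (!(this.IsUserInRole(userName, roleName)))
                {
                    throw new HttpException(string.Format("User, {0}, is not the role, {1}",userName,roleName));
                }
            }
        }

        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            // Changes are submitted per group, so a failure part-way through
            // leaves the earlier groups already updated.
            foreach (string roleName in uniqueRoleNames)
            {
                AZROLESLib.IAzApplicationGroup group = application.OpenApplicationGroup(roleName, null);
                foreach (string userName in uniqueUserNames)
                {
                    group.DeleteMemberName(userName, null);
                }
                group.Submit(0, null);
            }
        }
        finally
        {
            this.CloseApplication();
        }
    }

    /// <summary>
    /// Reports whether a role with this name exists (case-insensitive).
    /// </summary>
    public override bool RoleExists(string roleName)
    {
        string[] roleNames = this.GetAllRoles();
        foreach (string currentRoleName in roleNames)
        {
            if (string.Equals(roleName, currentRoleName, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Deletes the application group and the AzMan role named
    /// <paramref name="roleName"/>.
    /// </summary>
    /// <param name="roleName">Existing role to delete.</param>
    /// <param name="throwOnPopulatedRole">When true, refuse to delete a role that still has members.</param>
    /// <returns>Always true; failures are reported as exceptions.</returns>
    /// <exception cref="HttpException">The role does not exist, or is populated and must not be.</exception>
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
    {
        this.ValidateRoleName(roleName, true);
        if (throwOnPopulatedRole)
        {
            string[] users = this.GetUsersInRole(roleName);
            if (users.Length > 0)
            {
                throw new HttpException("Cannot delete a populated role.");
            }
        }

        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            // Two separate deletions: if the second fails, the group is
            // already gone while the AzMan role remains.
            application.DeleteApplicationGroup(roleName, null);
            application.DeleteRole(roleName, null);
        }
        finally
        {
            this.CloseApplication();
        }

        return true;
    }

    /// <summary>
    /// Creates an application group and an AzMan role named
    /// <paramref name="roleName"/>, then adds the group as a member of the role.
    /// </summary>
    /// <exception cref="HttpException">The role name is empty.</exception>
    public override void CreateRole(string roleName)
    {
        // With shouldExist == false only emptiness is checked; an existing
        // role is not rejected here, so a duplicate is left to the store.
        this.ValidateRoleName(roleName,false);
        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            AZROLESLib.IAzApplicationGroup group = application.CreateApplicationGroup(roleName, null);
            group.Submit(0, null);
            AZROLESLib.IAzRole role = application.CreateRole(roleName, null);
            role.Submit(0, null);
            role.AddAppMember(group.Name, null);
            role.Submit(0, null);
        }
        finally
        {
            this.CloseApplication();
        }
    }

    /// <summary>
    /// Adds each user to each role. All names are validated, and no user may
    /// already be in any of the roles, before anything is changed.
    /// </summary>
    /// <exception cref="HttpException">A name is invalid or a user is already in a role.</exception>
    public override void AddUsersToRoles(string[] userNames, string[] roleNames)
    {
        string[] uniqueUserNames = StringUtility.EliminateDuplicateArrayElements(userNames,true);
        string[] uniqueRoleNames = StringUtility.EliminateDuplicateArrayElements(roleNames,true);

        this.ValidateRoleNames(uniqueRoleNames,true);
        this.ValidateUserNames(uniqueUserNames);

        foreach (string userName in uniqueUserNames)
        {
            foreach (string roleName in uniqueRoleNames)
            {
                if (this.IsUserInRole(userName, roleName))
                {
                    throw new HttpException("A user is already in a role.");
                }
            }
        }

        AZROLESLib.IAzApplication application = this.OpenApplication();
        try
        {
            // Changes are submitted per group, so a failure part-way through
            // leaves the earlier groups already updated.
            foreach (string roleName in uniqueRoleNames)
            {
                AZROLESLib.IAzApplicationGroup group = application.OpenApplicationGroup(roleName, null);
                foreach (string userName in uniqueUserNames)
                {
                    group.AddMemberName(userName, null);
                }
                group.Submit(0, null);
            }
        }
        finally
        {
            // "finally", not a bare "catch": a failed grant must reach the
            // caller instead of being reported as success, and cleanup must
            // also run on the success path (as in RemoveUsersFromRoles).
            this.CloseApplication();
        }
    }
}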