Why isn't [Authorize(Roles = “Admin”)] working in MVC 5 RTM with ASP.NET Identity?

Question

Does [Authorize(Roles = \"Admin\")] work out of the box in MVC 5 RTM with ASP.NET Identity?

I\'ve had no luck. Note that [Authorize] and

Answer 1

The user may need to be re-authenticated to receive new claims that include membership in the Admin role. Since MVC 5 uses ASP.NET Identity out of the box, and by default in MVC 5, ASP.NET Identity stores claims like roles in the user's cookies, that information can become stale (hence the database says one thing but the user's cookies say something else). Re-authenticating a user will refresh their claims, including user role claims, to match the current state of the database.

For example:

If a user signs in before being assigned to the Admin role in the database that user will be granted claims but they will not include their assignment to the Admin role. If later, they are added to the Admin role, the claims stored in their cookies are not automatically updated. Instead only the database has been update, the application has to re-authenticate them before their old claims will be replaced with the new claims that include membership in the Admin role. Having the user manually sign out and back in, is the most obvious way re-authenticate that user.

Here's an article on Using Claims in ASP.NET Identity