Why does my Authorize Attribute not work?

the roles of a

ClaimsPrincipal

are actually just claims create with a type of

ClaimsIdentity.RoleClaimType

. By default, this is given by

ClaimType.Role

, which is the string

http://schemas.microsoft.com/ws/2008/06/identity/claims

. When a user is authenticated appropriate claims are added for their roles which can be found later as required.

It's worth bearing this in mind if you have difficult with

AuthorizeAttributes

not working. Most external identity providers will use a different set of claims representing role, name etc that do not marry up with the values used by Microsoft in the

ClaimType

class. As Dominick Baier discusses on his blog, this can lead to situations where claims are not translated and so users can appear to not be in a given role. If you run into issues where your authorisation does not appear to working correctly, I strongly recommend you check out his post for all the details.
http://andrewlock.net/introduction-to-authorisation-in-asp-net-core/ https://leastprivilege.com/2016/08/21/why-does-my-authorize-attribute-not-work/