aspnetcore.identity - in role, but getting denied access

Question

Core 2.0, using AspnetCore.Identity. I created a few roles, including "Admin".

    //initializing custom roles 
    var RoleManager = serviceProvider.GetRequiredService<RoleManager<IdentityRole>>();
    var UserManager = serviceProvider.GetRequiredService<UserManager<ApplicationUser>>();
    string[] roleNames = { "Admin", "Training", "Operations", "Membership", "Individual" };
    IdentityResult roleResult;

    foreach (var roleName in roleNames)
    {
        var roleExist = await RoleManager.RoleExistsAsync(roleName);
        // ensure that the role does not exist
        if (!roleExist)
        {
            //create the roles and seed them to the database: 
            roleResult = await RoleManager.CreateAsync(new IdentityRole(roleName)); 
        }
    }

I checked the SQL tables, and they're all there.:

Then I add myself to the Admin role (not the full method, but the relevant parts):

    var UserManager = serviceProvider.GetRequiredService<UserManager<ApplicationUser>>();
    var _eric = await UserManager.FindByEmailAsync("[email protected]");
        await UserManager.AddToRoleAsync(_eric, "Admin");

I check the tables, and I'm in there (along with another guy I added to a different role):

I then travel over to my method and slap Authorize on it with two of the roles, one of which I'm in (Admin):

[Authorize(Roles ="Training, Admin")]
public ActionResult Index()
{



    return View();
}

And then I get access denied. I'm missing something, but can't figure out what step I messed up. User is in there, I'm logged in, the data tables show me as having the role assigned, and the Authorize tag looks good.

Answer 1

Roles are claims and claims are loaded only on sign in. If you modify a claim (such as by adding a role), you must sign the user out and either automatically sign them back in or prompt the user to re-authenticate, to reload the claims.