I have an ASP.NET MVC (version 5.2.3) web application using Individual User Accounts and .NET Framework 4.5.1. For some reason the Authorize attribute on my controller classes no longer works. I can log into the website as a user who isNOT in role Admin, Supervisor or WorkcenterA and it still allows me to access the Create method inside the WorkcenterA controller. It shouldn't allow this. If I set a breakpoint on the WorkcenterA controller Create method User.IsInRole("Admin") = false and User.IsInRole("Supervisor") = false and User.IsInRole("WorkcenterA") = false so why did it allow the Create page to be accessed? It's like the Authorize attribute does absolutely nothing. Can somebody give me a hint as to how I can fix it? I have researched this issue on Google but all suggestions have failed to resolve my problem.
[Authorize(Roles = "Admin, Supervisor, WorkcenterA")]
public class WorkcenterAController: HelperController
{