ASP.NET Identity Claims
It is hard to tell for certain but I think what happened here is that Claims were cached in the cookie that is used for authenticating the user. When a user first logs in the claims are read from the database, a cookie is created with the claims and stored on the users browser. All further requests read the users claim information from the cookie until it expires. I have a detailed blog post on I wrote awhile back on ASP.NET Identity Cookie Expiration for more information on how to manage expiration.
Some of your wording suggests (only a guess on my part) that the roles were added after the user had already signed in and therefor the roles were not added to the cookie and would not print out. The claims refreshed when you added the code to add the names because one of few reasons:
- The cookie had expired and you had to do a fresh login.
- You signed out (which removed the cookie) and then did a fresh login.
You stayed logged in but when you reposted to the
login
action you have a call tosignout
and thensignin
which refreshed the cookie:AuthenticationManager.SignOut(); AuthenticationManager.SignIn(new AuthenticationProperties
You can duplicate the behavior you where experiencing:
- Make sure the user is signed out
- Remove the user's roles from the
AspNetUserRoles
table - Signing the user in
- Add the roles back the user in the
AspNetUserRoles
table (either manually or by some Action via your application where you manage roles for users) - Print out the roles
- You will not see the roles in the print out.
- Next sign the user out and sign them back in and you will then see the expected roles.
Each time you add a role or claim you will need to have user manually log out or you can make a call that refreshes the cookie as I mentioned earlier. This answer here gives some context on how to refresh the cookie effectively.