Any idea what might be causing this? I can see the claims in User.Claims. The only thing I can think of is that the claims from Azure AD Roles come back differently than what IsInRole() checks for?
CorpAdmin Role showing in claims.
User.IsInRole returns false
[Startup.Auth][3]
Just to clarify, I AM getting roles back but I think they are not being added to the list of claims correctly and I cannot figure out why. Neither IsInRole nor [Authorize(Roles="...")] will correctly check the roles claims.
Any one of these changes worked for me:
    TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = false,
        RoleClaimType = System.Security.Claims.ClaimTypes.Role
    },
or
    TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = false,
        RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
    },
You need to specify the name of the claims type that contains the roles. Like this:
    TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        RoleClaimType = "roles"
    },
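Why the setting matters, as an added example that is not code from any of the posts: `IsInRole()` only looks at claims whose type equals the identity's `RoleClaimType`, so a role carried under another type is present in `User.Claims` but never matched. The class name, the sample claims and the "Constructed" authentication type are assumptions made up for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class RoleClaimTypeDemo
{
    // Constructed sample: claims as they might look after sign-in, with the
    // role carried under the short "roles" type rather than ClaimTypes.Role.
    static readonly Claim[] SampleClaims =
    {
        new Claim("name", "alice@example.com"),
        new Claim("roles", "CorpAdmin"),
    };

    // Builds a principal whose identity reads roles from roleClaimType.
    // This is the value that TokenValidationParameters.RoleClaimType ends up
    // setting on the identity created from the token.
    static ClaimsPrincipal Build(string roleClaimType) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            SampleClaims, "Constructed",
            ClaimsIdentity.DefaultNameClaimType, roleClaimType));

    // Diagnostic: list every claim type that carries the expected role value
    // and say whether it is the type the identity uses for role checks.
    static void Diagnose(ClaimsPrincipal user, string role)
    {
        var identity = (ClaimsIdentity)user.Identity;
        Console.WriteLine($"RoleClaimType = {identity.RoleClaimType}");
        foreach (var c in identity.Claims.Where(c => c.Value == role))
        {
            // Claim types are compared case-insensitively by the framework.
            bool used = string.Equals(c.Type, identity.RoleClaimType,
                                      StringComparison.OrdinalIgnoreCase);
            Console.WriteLine($"  {role} found under '{c.Type}', used for role checks: {used}");
        }
        Console.WriteLine($"  IsInRole({role}) = {user.IsInRole(role)}");
    }

    static void Main()
    {
        Diagnose(Build(ClaimTypes.Role), "CorpAdmin"); // role type left at ClaimTypes.Role
        Diagnose(Build("roles"), "CorpAdmin");         // role type set to "roles"
    }
}
```

Running the same diagnostic against the real `User` shows which claim type the roles arrive under, and that is the value to give `RoleClaimType`. The role check does not depend on `ValidateIssuer`, so issuer validation can stay on, as in the snippet that sets `RoleClaimType = "roles"`.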
If you are having the same issue as I was, I created a custom AuthorizeAttribute class and I forgot to override the AuthorizeCore function. Adding the code below resolved the issue for me.
    // Core authentication, called before each action
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return base.AuthorizeCore(httpContext);
    }