While I was dealing with some potential vulnerability issue affecting to some of "my" MVC 5.0 application in .Net Framework 4.5 and coming from a wrong management of user roles, it turns out that I didn't remember clearly how role management was related to User principal or even, where roles came from in order to IsInRole method were able to work properly to check roles for users. So, let me add this post as a reminder to clarify and shed light on this.
[More]