You need to establish a user security context that will be used for authorization checks such as IsInRole.