添加/更改用户后CustomAuthorize属性未更新

我有一个内部MVC站点的问题。我可能把这个标题弄错了，因为我不知道问题到底在哪里。我有以下自定义授权属性：

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    public CustomAuthorizeAttribute(params string[] roles)
    {
        using (var dataLayer = new CarrierBoundEntities())
        {
            string userNames = string.Empty;
            foreach (var user in dataLayer.tbl_PremiumWriteOffs_Users)
            {
                if (roles.Contains(user.Role))
                {
                    userNames += user.Username + ",";
                }
            }
            if (userNames.Length > 0)
            {
                // Remove last comma
                userNames.Remove(userNames.Length - 1);
            }
            Users = userNames;
        }
    }
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
    }
}

数据层是实体框架创建的默认DbContext。有一个视图允许具有管理员角色的用户添加/编辑用户。以下是处理帖子以编辑用户的控制器：

[HttpPost]
[ValidateAntiForgeryToken]
[CustomAuthorize(new string[] { "Admin" })]
public ActionResult UsersEditView(UsersVM viewModel)
{
    using (var dataLayer = new CarrierBoundEntities())
    {
        var userToEdit = dataLayer.tbl_PremiumWriteOffs_Users.SingleOrDefault(x => x.ID == viewModel.UserSubmit.ID);
        if (userToEdit == null)
        {
            return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        }
        // If the username was changed then check and display error if it's the same as another entry
        if (userToEdit.Username.Equals(viewModel.UserSubmit.Username, StringComparison.OrdinalIgnoreCase) == false)
        {
            foreach (var user in dataLayer.tbl_PremiumWriteOffs_Users)
            {
                if (user.Username.Equals(viewModel.UserSubmit.Username, StringComparison.OrdinalIgnoreCase))
                {
                    ModelState.AddModelError("UserSubmit.Username", "A user with this username already exists.");
                    break;
                }
            }
        }
        if (ModelState.IsValid)
        {
            userToEdit.Username = viewModel.UserSubmit.Username;
            userToEdit.Role = viewModel.UserSubmit.Role;
            userToEdit.UserLastModified = this.User.Identity.Name;
            userToEdit.DateLastModified = DateTime.Now;
            dataLayer.SaveChanges();
            return RedirectToAction("UsersView");
        }
        viewModel.RoleSelect = GetRoleSelectList();
        return View(viewModel);
    }
}

现在，当我在机器上本地运行它时，一切都很好，但当部署在服务器上时，当添加新用户或更改现有用户的角色时，某些内容不会得到更新。新用户仍然无法访问网站的任何部分，从管理员更改为用户的用户仍然可以访问管理区域。在服务器上重新启动应用程序之前，它一直保持这种状态。

奇怪的是，在进行更改后，更改在前端和后端都可见，因此数据库和实体上下文似乎都得到了很好的更新。因此，我认为可能是自定义authorize属性没有随着新的用户名列表更新，但我真的不知道，而且在调试时遇到了困难，因为它在本地应该可以正常工作。

如有任何帮助，我们将不胜感激。

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    private string[] _roles;
    public CustomAuthorizeAttribute(params string[] roles)
    {
        _roles = roles;
    }
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        var isAuthorized = false;
        // check in the database to see if the user 
        // is in one of the Roles in _roles and therefore authorized...
        if(/* some code to check if the user is authorized */)
        {
           isAuthorized = true;
        }
        return isAuthorized;
    }
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
    }
}