выдает ошибку HTTP 403.14 - Запрещено после создания новой записи

1- AuthorizeUserAttribute.cs — это класс для атрибута авторизации костюма.

public class AuthorizeUserAttribute : AuthorizeAttribute
{
    public string AccessLevel { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
            return false;

        if (this.AccessLevel.Contains("Admin"))
        {
            return true;
        }
        else return false;
    }

2- это мой контроллер

[AuthorizeUser(AccessLevel = "Admin")]
public class ProductsController : Controller
{
    private DataBaseContext db = new DataBaseContext();
    public ActionResult Index()
    {
        var product = db.Product.Include(p => p.ProductGroup);
        return View(product.ToList());
    }
}
 [AuthorizeUser(AccessLevel = "Admin")]
    public ActionResult Create([Bind(Include = "Product_Id,ProductName,Description,PicUrl,Group_Id")] Product product)
    {
        if (ModelState.IsValid)
        {
            db.Product.Add(product);
            db.SaveChanges();
            return RedirectToAction("Index");
        }

        ViewBag.Group_Id = new SelectList(db.ProductGroups, "Group_Id", "GreoupName", product.Group_Id);
        return View(product);
    }

3-FilterConfig.cs в папке start_up

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new AuthorizeAttribute());
        filters.Add(new AuthorizeUserAttribute());

    }

}

4-Global.asax.cs

void Application_Start(object sender, EventArgs e)
    {
        // Code that runs on application startup
        AreaRegistration.RegisterAllAreas();
        GlobalConfiguration.Configure(WebApiConfig.Register);
        RouteConfig.RegisterRoutes(RouteTable.Routes);     
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;

    }

5- Admin1Controller.cs для входа в систему и т.д...

 [HttpPost]
    public ActionResult Login(LoginViewModel model)
    {
        if (!ModelState.IsValid) //Checks if input fields have the correct format
        {
            return View(model); //Returns the view with the input values so that the user doesn't have to retype again
        }

                if(model.Email == "[email protected]" & model.Password == "@1234psm")
                    { 
                var identity = new ClaimsIdentity(new[] {
                                              new Claim(ClaimTypes.Name,"Admin" ),
                                              new Claim(ClaimTypes.Email, "[email protected]"),
                                              new Claim(ClaimTypes.Role,"Admin")

                                                }, "ApplicationCookie");

                var ctx = Request.GetOwinContext();
                var authManager = ctx.Authentication;
                authManager.SignIn(identity);

                        return Redirect(GetRedirectUrl(model.ReturnUrl));
                    }
        ModelState.AddModelError("", "incorrect UserName or pass");
        return View(model);


    }
private string GetRedirectUrl(string returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
        {
            return Url.Action("index", "Admin1");
        }
        return returnUrl;
    }

после создания нового продукта и возврата к продуктам / показать ошибку HTTP 403.14 - Запрещенная страница. при записи продукта/индекса показывать правильную страницу