Right now I decorate a method like this to allow "members" to access my controller action
[Authorize(Roles="members")]
How do I allow more than one role? For example the following does not work but it shows what I am trying to do (allow "members" and "admin" access):
[Authorize(Roles="members", "admin")]
Another option is to use a single authorize filter as you posted but remove the inner quotations.
[Authorize(Roles="members,admin")]