How to Authorize AD users with .Net Core

Have you configured both IIS and the app for integrated authentication?

In your web.config do you have the asp.net core module set to forward Windows Identities, by setting forwardWindowsAuthToken="true"

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" 
        modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" 
      arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" 
      stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true" />
  </system.webServer>
</configuration>

In your program.cs have you plumbed in IIS integration with .UseIISIntegration()?

var host = new WebHostBuilder()
    .UseKestrel()
    .UseContentRoot(Directory.GetCurrentDirectory())
    .UseIISIntegration()
    .UseStartup<Startup>()
    .Build();

Have you added authorization in your ConfigureServices() method in Startup.cs and put it before AddMvc()?

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorization();
    services.AddMvc();
}

When I have all those things in place I can happily authorize based on roles, for example I put [Authorize(Roles = "REDMOND\\scottgu_org_fte")] on my home controller and I get in just fine.

Using @"REDMOND\\scottgu_org_fte" won't work, because that makes the string literal verbatim, so it's trying to evaluate Domain\\group, and double slashes are wrong. @"REDMOND\scottgu_org_fte" would work though.