Ok,
I apparently have a lot more reading to do...
yes, I understand how the roles/policies are used once you have them defined.
I will check to see if I can find examples on how to use the AuthenticationState to catch the user principal and when.
Almost all the examples I can find seems to build their own userstore/roles in the application, which is not what I want, unless it is a must.
I will read that document again and see if it enlightens me on the subject.