Because the admin filter is calling lcoalization, and localization is calling the admin filter... we should apply the admin attribute first, then do the security check

src/Orchard/UI/Admin/AdminFilter.cs

@@ -20,11 +20,11 @@ namespace Orchard.UI.Admin {
 
         public void OnAuthorization(AuthorizationContext filterContext) {
             if (IsAdmin(filterContext)) {
+                Apply(filterContext.RequestContext);
+
                 if (!_authorizer.Authorize(StandardPermissions.AccessAdminPanel, T("Can't access the admin"))) {
                     filterContext.Result = new HttpUnauthorizedResult();
                 }
-
-                Apply(filterContext.RequestContext);
             }
         }