How do I serve up an Unauthorized page when a user is not in the Authorized Roles?

Question

I am using the Authorize attribute like this:

[Authorize (Roles=\"Admin, User\")]
Public ActionResult Index(int id)
{
    // blah
}

Answer 1

Perhaps a 403 status code is more appropriate based on your question (the user is identified, but their account is not privileged enough). 401 is for the case where you do not know what priveleges the user has.