How do I serve up an Unauthorized page when a user is not in the Authorized Roles?

Question

I am using the Authorize attribute like this:

[Authorize (Roles=\"Admin, User\")]
Public ActionResult Index(int id)
{
    // blah
}

Answer 1

And HttpUnauthorizedResult (this comes as reuslt of the AuthorizeAtrribute) just sets StatusCode to 401. So probably you can setup 401 page in IIS or custom error pages in web.config. Of course, you also have to ensure that access to your custom error page is not requires authorization.