ASP.Net MVC 3 Redirect UnAuthorized User not to loginUrl

Question

i have a project using ASP.Net MVC3 and using membership for roles. i use authorize in every controller. eg:

[Authorize(Roles = \"Administrator\")]
    publ         


        

Answer 1

My own version, based on ntep vodka's:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if(IsUserAuthenticated(filterContext.HttpContext)) 
        {
            filterContext.Result = new RedirectResult("/Account/InvalidRole");
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }

    private bool IsUserAuthenticated(HttpContextBase context)
    {
        return context.User != null && context.User.Identity != null && context.User.Identity.IsAuthenticated;
    }
}

This way I get standard redirect to login page for not authenticated users, and custom redirect for users that are authenticated but don't have the appropriate role for the action.