I have an MVC 4 intranet app that I created using Visual Studio 2012. I used WindowsAuthentication and it authenticates users as expected. On some actions I restricted users to certain roles using Authorize
attribute. When a user clicks on a link that invokes a controller action for which the user has no authorization it pops up an 'Authentication Required' dialogue. When I login with an account that has no authorization it keeps on popping up the dialogue. Instead I would like this:
- When a user is not authorized to access the page, pop up the dialogue as currently doing.
- When the user inputs a login that is valid but not authorized to access the page redirect to another page saying the access is forbidden.
How do I go about doing this? As a relevant information I customized the role provider using the approach discussed here