How to change authorization denied page in ASP NET MVC 3

Currently when using authentication, the framework will redirect an unauthorized request back to a login page even when the user is already lo开发者_高级运维gged in rather than show an 'access denied' page or use the standard HTTP response code for access denied.

Phil Haack did a good blog post on this just the other week

Prevent Forms Authentication Login Page Redirect When You Don’t Want It

It's basicly a short coming of the (current) .Net architecture, He suggests a few options to get around this, normally I'd put some code here rather than just a link, but he explains is in some good detail and external links.