I have a controller in ASP.NET MVC that I've restricted to the admin role:
    [Authorize(Roles = "Admin")]
    public class TestController : Controller
    {
        ...
    }
If a user who is not in the Admin role navigates to this controller, they are greeted with a blank screen.
What I would like to do is redirect them to a View that says "you need to be in the Admin role to be able to access this resource."
One way of doing this that I've thought of is to have a check in each action method on IsUserInRole() and, if not in role, then return this informational view. However, I'd have to put that in each Action, which breaks the DRY principle and is obviously cumbersome to maintain.
Best Answer
Create a custom authorization attribute based on AuthorizeAttribute and override OnAuthorization to perform the check how you want it done. Normally, AuthorizeAttribute will set the filter result to HttpUnauthorizedResult if the authorization check fails. You could have it set it to a ViewResult (of your Error view) instead.
EDIT: I have a couple of blog posts that go into more detail:
Example:
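A sketch of the approach described in the answer, added here as an illustration and not taken from the original post or the linked blog posts. The attribute name `AdminAuthorizeAttribute`, the `AccessDenied` view and the `RequiredRoles` view-data key are assumptions. It keeps the 401 for anonymous users so the login redirect still happens, and returns the informational view with a 403 status for authenticated users who lack the role.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical attribute name; "AccessDenied" is an assumed shared view.
public class AdminAuthorizeAttribute : AuthorizeAttribute
{
    public string DeniedViewName { get; set; }

    public AdminAuthorizeAttribute()
    {
        DeniedViewName = "AccessDenied";
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Let the base class run the real Roles/Users check and its output-cache handling.
        base.OnAuthorization(filterContext);

        // The base class sets HttpUnauthorizedResult on failure; any other result means access was granted.
        if (!(filterContext.Result is HttpUnauthorizedResult))
            return;

        // Anonymous callers keep the 401 so forms authentication can send them to the login page.
        var user = filterContext.HttpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return;

        // Authenticated but not in the role: the action never runs, and the view is served as 403, not 200.
        var response = filterContext.HttpContext.Response;
        response.StatusCode = (int)HttpStatusCode.Forbidden;
        response.TrySkipIisCustomErrors = true; // keep IIS from replacing the view with its own error page

        filterContext.Result = new ViewResult
        {
            ViewName = DeniedViewName,
            ViewData = new ViewDataDictionary { { "RequiredRoles", Roles } }
        };
    }
}

// Applied once at controller level, so no per-action role checks are needed.
[AdminAuthorize(Roles = "Admin")]
public class TestController : Controller
{
    public ActionResult Index() { return View(); }
}
```

Because the filter result is set before the action executes, the protected action body is never reached for a user outside the role.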