asp.net mvc Not authorized response is blank page ??

Question

If i'm not authorized on a controller action, i am getting a blank page and no error message? I'd like to display a message of some sort, Here's my setup:

class MyAuth : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!httpContext.User.Identity.IsAuthenticated)
            return false;

        return MyIsCurrentUserInRoles(Roles.Split(",".ToCharArray()));
    }
}

used as

[Myauth(Roles="admin")]
class MyController: Controller
{
}

and the result is blank page when i'm not authorized ?

Is that the default behaviour ? if so, what where do i change it to produce a unauth message ?

Answer 1

Yes, this is the default behaviour when running in the ASP.Net Development Server:

http://stackoverflow.com/questions/491271/asp-net-mvc-authorisation-action-filter-question

You can redirect it to a page by editing the web.config to include a redirect for error 401:

<customErrors defaultRedirect="ErrorPage.aspx" mode="On"> 
    <error statusCode="401" redirect="AccessDenied.aspx" />       
</customErrors>