I implemented the ASP.NET security model and I am allowing/denying access to users in the web.config based on what roles they are in e.g.
<system.web>
<authorization>
<allow roles = "Admin" />
</authorization>
</system.web>
When I try and visit a page I don't have access to, it prompts me to log in but I'm already logged in and if I try log in again it just shows a log in control because I don't have the correct permission based on my role, however how can I display a more meaningful message to the user, ie. "You don't have sufficient permissions to view this page." Rather than just the log in control?