My Controller class is decorated with an AuthorizeAttribute to protect the actions:
[Authorize(Roles = "User Level 2")]
public class BuyController : Controller
{
...
}
Anytime an action is invoked, but the user is not in at least the role "User Level 2", the user is automatically redirected to the login page with a URL like this:
http://localhost:1436/Account/Login?ReturnUrl=%2fBuy
If the user is already logged in, but doesn't have the right security level, this is not an optimal behavior! It would make more sense to display a page which informs the user about the missing level instead of showing the login page.
What can I do to customize this behavior?
Is it possible to pass the required user level to the Login action somehow?
See Question&Answers more detail:os