Mar 02, 2010 05:30 PM|levib|LINK
The best and safest thing for you to do would be to subclass AuthorizeAttribute and override only the HandleUnauthorizedRequest method. Then you could attribute your methods like so:
[MyCustomAuthorization(Roles = "some_role[, some_other_role[, ...]]")]
Don't override any other method as the default logic should suffice in your case. (The default logic handles things like the IsInRole() check, suppressing output caching, etc.) Then from the HandleUnauthorizedAttribute method, set filterContext.Result
= new RedirectResult("url_to_redirect_to").
Good luck. :)