You can overwrite a method to do this.
public class CustomAuthorizeAttribute : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if ({your code detecting no user is logged}) { filterContext.Result = new RedirectResult(System.Web.Security.FormsAuthentication.LoginUrl + "?returnUrl=" + filterContext.HttpContext.Server.UrlEncode(filterContext.HttpContext.Request.RawUrl)); return; } if ({your code detecting that the user has no access}) { var ViewData = new ViewDataDictionary(); ViewData.Add("Title", "No access"); ViewData.Add("Description", "blah blah blah blah blah blah blah "); filterContext.Result = new ViewResult { ViewName = "~/Views/Shared/NoAccess.cshtml", ViewData = ViewData }; } }