Sunday, 15 March 2015

c# - Forms Authentication: How to handle unauthorized authenticated user


I am trying to set up a very basic form authentication example.

This correctly sends unauthenticated users to the login page, where I verify the submitted credentials and, if they are correct, call:

    FormsAuthentication.RedirectFromLoginPage(username.Text, false);

If the user is named in the authorization section, they receive their page. If not, they are brought back to the login page with no errors.

How can I correctly identify authenticated but unauthorized users, so that I can redirect them to a specific error page or display an authorization error message when they are bounced back to the login page?

This is my web.config:

    <authentication mode="Forms">
      <forms name=".ASPXAUTH" loginUrl="/Form/Login" />
    </authentication>
    <authorization>
      <deny users="?" />
      <allow users="username1, username2" />
      <deny users="*" />
    </authorization>

Update:

Based on the answers / comments / research, I got two working solutions.

  1. Put the following in the Page_Load method of your login form:

         if (Request.IsAuthenticated && !string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
         {
             // This is an unauthorized, authenticated request...
             Response.Redirect("FailedAuthorization.aspx");
         }

     OR

  2. Put the following in the Global.asax file:

         protected void Application_EndRequest(object sender, EventArgs e)
         {
             if (Response.StatusCode == 401)
             {
                 // Use the 403 Forbidden response
                 Response.StatusCode = 403;

                 // Or redirect to a custom page
                 // Response.Redirect("FailedAuthorization.aspx");
             }
         }

         protected void Application_AuthenticateRequest(object sender, EventArgs e)
         {
             if (Request.IsAuthenticated)
             {
                 // ASP.NET >= 4.5
                 Response.SuppressFormsAuthenticationRedirect = true;
             }
         }

Thanks for all the help with this!
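The Global.asax approach from the update, packaged as a reusable HTTP module, as an added example that is not part of the original post. It assumes ASP.NET 4.5 or later; the class name `ForbiddenForAuthenticatedModule` and the trace-log line are hypothetical additions. Unlike the handlers above, it rewrites a 401 only when the request is authenticated and records each denial so that repeated authorization failures can be reviewed.

```csharp
using System;
using System.Web;

// Added example, not the original poster's code. The class name is hypothetical.
// Register the module in web.config (<system.webServer><modules>) to activate it.
public sealed class ForbiddenForAuthenticatedModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Runs after FormsAuthenticationModule has read the ticket and set the user.
        app.PostAuthenticateRequest += OnPostAuthenticate;
        app.EndRequest += OnEndRequest;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // ASP.NET >= 4.5: stop the 401 from being turned into a 302 to loginUrl,
        // but only for users who already hold a valid forms ticket.
        if (ctx.Request.IsAuthenticated)
            ctx.Response.SuppressFormsAuthenticationRedirect = true;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Anonymous 401s are left alone so those users still reach the login page.
        if (ctx.Response.StatusCode != 401 || !ctx.Request.IsAuthenticated)
            return;

        // Authenticated but not in the <allow> list: report 403 Forbidden.
        ctx.Response.StatusCode = 403;

        // Assumption: denials go to the trace log. AbsolutePath is the escaped
        // path without the query string, so no query data ends up in the log.
        System.Diagnostics.Trace.TraceWarning(
            "Authorization denied: user={0} path={1}",
            ctx.User.Identity.Name, ctx.Request.Url.AbsolutePath);
    }

    public void Dispose() { }
}
```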

Unfortunately, this is one of those things that ASP.NET constantly gets wrong. Even though the MS and .NET framework teams fully understand the difference between authentication and authorization, they still ... I do not know why this is.

This is just a quirk of the Forms Authentication module handler, which returns 401 Unauthorized instead of 403 Forbidden. (It does not help that the HTTP standard confuses authentication with authorization in this way as well.)

It's not something you can easily override, so your only recourse is to check on the login page whether they are already logged in, and then redirect them ... It's not easy, but it is a way to handle it.

If you are using .NET 4.5, then you have another option, which is to use the SuppressFormsAuthenticationRedirect option, as in this article:

