public void OnAuthorizeRequest(object source, EventArgs eventArgs) { HttpApplication app = (HttpApplication)source; string page = app.Request.Path; page = page.Substring(page.LastIndexOf('/') + 1); if (!_authorizer.IsAllowed(app.Context.User.Identity, page)) { app.Response.StatusCode = 401; app.Response.StatusDescription = "Access Denied"; app.Response.Write("You are not authorized to view this page"); app.CompleteRequest(); } }