I am not sure how to handle the 401.2 error I receive when I try to block certain content from unauthorized users. If I use the web.config and roles to specify who can see what, I get this 401.2 error when they are either not authenticated yet, or are not authorized.
If instead I use code to redirect users who are not authenticated to the ADFS login page, that works fine, but users who are authenticated but not authorized still get the 401.2 error.
Will I have to do everything in code or is there a way to use the web.config like I normally would without having to write code?
I've tried putting in custom errors for the 401.2 error in IIS but it never gives me that custom page, always the default error page. Either I'm doing something wrong, or it is not possible to handle this except by code.