I successfully implemented role based authorization in ASP.NET. When a person does not have the needed role he gets to see an error page for 401.2 not authorized. What I would like to accomplish now is to have a custom 401 page in my application and have it redirected there via settings in the web.config. I tried this:

<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"><error statusCode="401" redirect="NoAccess.htm" /></customErrors>    

But this does not get caught. Do I have to override it in IIS instead? I hope not as that would make getting things deployed harder

I think what you might be running into is that you have security set for the entire application. That is when a 401 occurs the redirect to NoAccess.htm fails because the user does not have access to that file either. Since you didn't post the whole file I cannot be sure, but that is my best guess.

Make sure that you have a <location path="/NoAccess.htm"><system.web><authorization><allow users="?" /></authorization<</system.web> in your web.config file.