I have created a custom AuthorizationAttribute which I'm placing on my controllers. I followed this article. I've implemented custom authorization logic in the OnAuthorization method and this works fine. When the user fails authorization I'm currently doing the following:

// if authorization check fails...
filterContext.Result = new HttpUnauthorizedResult();

This displays a username/password prompt.

My question is what is the recommended way send the user to a "Access Is Denied" type page when they fail authorization?

I am using MVC3.

On the login page, you can check if the user is already logged in and display an access denied message instead of the login prompt.

In the end I went for a straight redirect:

public override void OnAuthorization(AuthorizationContext filterContext)
...
// if authorization check fails...
filterContext.Result = new RedirectResult(AccessDeniedPage);

Edit: Rob Conery has a very good article describing this in detail with ASP.NET MVC: Securing Your Controller Actions

you can throw HttpException with error code 401