Handle forbidden authorization with ASP.NET MVC

ForbiddenAuthorizeAttribute.cs

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class ForbiddenAuthorizeAttribute : AuthorizeAttribute
{    
    public string ForbiddenViewName { get; set; } = "Forbidden";
    
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
        { 
            // Access forbidden, display 403 page (instead of the default login page, because the user is actually already
            // authenticated but he hasn't access to this page).  
            filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;  
            var forbiddenView = new ViewResult { ViewName = ForbiddenViewName };  
            filterContext.Result = forbiddenView;   
        } 
        else
        {
            base.HandleUnauthorizedRequest(filterContext);      
        }    
    }
}