I use the ClaimsPrincipalPermission for authorization in my asp 4.5 website.
This works fine.
But when the user tries to call a page which he is not allowed the error code returned is a 500 and not some like 401.
Is this the expected behavior ? I assume 401 would express more why this page can't be called.
Or do I have an error ? In the debugger I see that a securityexception is correctly thrown.
Is there a way to chjange this behvaior ? Does anyone know why this happens?