There are different ways to do this but one of the best way could be custom authorization attributes.You just need to inherit the AuthorizeAttribute and override HandleUnauthorizedRequest() method of it.
public class CustomAuthorization : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
actionContext.Response = new HttpResponseMessage
{
StatusCode = HttpStatusCode.Forbidden,
Content = new StringContent("You are unauthorized to access this resource")
};
}
}
and use this like(CustomAuthorization should be used in-place of Authorize)
[CustomAuthorization]
public IHttpActionResult Get()
{
return Ok();
}
Otherwise you can also catch the status code in client side and display the custom message of your choice.