Here is the simple class which represents action result for not authorized access:
It can be used like this in your controller:
If this action result is returned ASP.Net MVC will redirect user on the view which corresponds to loginUrl attribute of forms tag in your web.config.
Also notice that if you will use another http response code (e.g. 403 Forbidden) IE will not show your custom error message if it has size less than 512 bytes – it will show its own “friendly error message”: http://stackoverflow.com/questions/1492444/ie-7-not-showing-my-custom-401-page/1492472.