I have created a controler for Admin only and I add:
[Authorize(Roles = "Admin")]
before class definition. When I try get sites for Admin as a User I'm redirected to LogOn site. How can I change redirect to LogOn or add a extra information to logon site?
Bouncing users to the LogOn page when they're logged in but don't have access to a page is one of the downsides of using the out-of-the-box AuthorizeAttribute. You have two options:
Create a custom authorize attribute (See: Redirecting unauthorized controller in ASP.NET MVC)
Change the "loginUrl" attribute of your "forms" element in the web.config to point to an action method that handles redirection based on whether you're logged in or not. You can check in the action method to see if the user is logged in. If they are, you can display an unauthorized access view, and if they aren't you can send them on to the log in page. e.g. <authentication mode="Forms"><forms loginUrl="~/error/unauthorized" timeout="2880"></authentication>
