Absolutely nothing from the spec claims normally, and often You cannot utilize a 401 in that situation mainly because returning a 401 is only legal when you consist of a WWW-Authenticate header. I believe 403 is best suited for written content that is never served. In asp.Web This may imply http://pigpgs.com