That's the default behaviour of Forms Authentication when you return a 401. Afaik there's no setting to disable that behavior in .Net < 4.5 so, the workaround besides using your own auth system, is something like this: - return a custom code (something like 4100) - hook up on the EndRequest event then check it out
if (context.Response.StatusCode==4100)
{
context.Response.StatusCode=401;
}