diff --git a/src/MusicStore/Controllers/HomeController.cs b/src/MusicStore/Controllers/HomeController.cs
index 87bf1110d5..61d7c732bd 100644
--- a/src/MusicStore/Controllers/HomeController.cs
+++ b/src/MusicStore/Controllers/HomeController.cs
@@ -54,6 +54,11 @@ namespace MusicStore.Controllers
 return View("~/Views/Shared/StatusCodePage.cshtml");
 }
+ public IActionResult AccessDenied()
+ {
+ return View("~/Views/Shared/AccessDenied.cshtml");
+ }
+
 private async Task> GetTopSellingAlbumsAsync(int count)
 {
 // Group the order details by album and return
diff --git a/src/MusicStore/Startup.cs b/src/MusicStore/Startup.cs
index f68075d951..c830984145 100644
--- a/src/MusicStore/Startup.cs
+++ b/src/MusicStore/Startup.cs
@@ -3,6 +3,7 @@ using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Diagnostics;
 using Microsoft.AspNet.Diagnostics.Entity;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Identity.EntityFramework;
 using Microsoft.Data.Entity;
 using Microsoft.Framework.Caching.Memory;
@@ -59,6 +60,11 @@ namespace MusicStore
 .AddEntityFrameworkStores()
 .AddDefaultTokenProviders();
+ services.ConfigureCookieAuthentication(options =>
+ {
+ options.AccessDeniedPath = new PathString("/Home/AccessDenied");
+ });
+
 services.ConfigureFacebookAuthentication(options =>
 {
 options.AppId = "550624398330273";
diff --git a/src/MusicStore/Views/Shared/AccessDenied.cshtml b/src/MusicStore/Views/Shared/AccessDenied.cshtml
new file mode 100644
index 0000000000..27ca49c951
--- /dev/null
+++ b/src/MusicStore/Views/Shared/AccessDenied.cshtml
@@ -0,0 +1,5 @@
+@{
+ ViewBag.Title = "Access denied due to insufficient permissions";
+}
+
+
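Review bot: The new AccessDenied action answers with the view and an implicit 200, yet the new `else` branch in Validator.cs (hunk @@ -142,13 +142,26 @@) asserts `HttpStatusCode.Forbidden` on a response whose redirects the client follows — the anonymous branch depends on that to land on `Account/Login`. Unless the cookie handler emits a 403 without redirecting, which nothing in this diff shows, one of the two sides is inconsistent. If the access-denied page is meant to carry a 403, set it in the action, `Response.StatusCode = 403;` before `return View("~/Views/Shared/AccessDenied.cshtml");`; otherwise the test should assert the redirected `RequestUri` instead of the status. A one-line summary would also help readers, e.g. `// Target of CookieAuthenticationOptions.AccessDeniedPath: shown to signed-in users who lack a required claim.`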
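Review bot: The `ConfigureCookieAuthentication` block sets `AccessDeniedPath` without saying what behaviour it replaces: the removed Validator.cs assertions show that a signed-in user without the ManageStore claim was previously bounced to the login page, and after this change only the `email == null` (anonymous) case still expects the login page. Suggest `// Signed-in users lacking a required claim are sent here instead of back to the login page.` above the call. Since sign-in goes through Identity (`AddEntityFrameworkStores` a few lines up), it is worth confirming the Identity application cookie actually reads these options rather than a separate options instance; the new E2E branch is the only check of that path in this diff.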

Access denied due to insufficient permissions.

\ No newline at end of file
diff --git a/test/E2ETests/Implementation/Validator.cs b/test/E2ETests/Implementation/Validator.cs
index 7de515aed5..8df1d1736f 100644
--- a/test/E2ETests/Implementation/Validator.cs
+++ b/test/E2ETests/Implementation/Validator.cs
@@ -142,13 +142,26 @@ namespace E2ETests
 {
 _logger.LogInformation("Trying to access StoreManager that needs ManageStore claim with the current user : {email}", email ?? "Anonymous");
 var response = await _httpClient.GetAsync("Admin/StoreManager/");
- await ThrowIfResponseStatusNotOk(response);
- var responseContent = await response.Content.ReadAsStringAsync();
- ValidateLayoutPage(responseContent);
- Assert.Contains("Log in – ASP.NET MVC Music Store", responseContent, StringComparison.OrdinalIgnoreCase);
- Assert.Contains("

Use a local account to log in.

", responseContent, StringComparison.OrdinalIgnoreCase); - Assert.Equal(_deploymentResult.ApplicationBaseUri + PrefixBaseAddress("Account/Login?ReturnUrl=%2F{0}%2FAdmin%2FStoreManager%2F"), response.RequestMessage.RequestUri.AbsoluteUri); - _logger.LogInformation("Redirected to login page as expected."); + + if (email == null) + { + await ThrowIfResponseStatusNotOk(response); + var responseContent = await response.Content.ReadAsStringAsync(); + ValidateLayoutPage(responseContent); + + Assert.Contains("Log in – ASP.NET MVC Music Store", responseContent, StringComparison.OrdinalIgnoreCase); + Assert.Contains("

Use a local account to log in.

", responseContent, StringComparison.OrdinalIgnoreCase); + Assert.Equal(_deploymentResult.ApplicationBaseUri + PrefixBaseAddress("Account/Login?ReturnUrl=%2F{0}%2FAdmin%2FStoreManager%2F"), response.RequestMessage.RequestUri.AbsoluteUri); + _logger.LogInformation("Redirected to login page as expected."); + } + else + { + Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode); + var responseContent = await response.Content.ReadAsStringAsync(); + ValidateLayoutPage(responseContent); + + Assert.Contains("Access denied due to insufficient permissions – ASP.NET MVC Music Store", responseContent, StringComparison.OrdinalIgnoreCase); + } } public async Task RegisterUserWithNonMatchingPasswords() diff --git a/test/E2ETests/SmokeTests.cs b/test/E2ETests/SmokeTests.cs index 309f238ee8..72182fc938 100644 --- a/test/E2ETests/SmokeTests.cs +++ b/test/E2ETests/SmokeTests.cs @@ -202,7 +202,8 @@ namespace E2ETests await validator.SignInWithInvalidPassword(generatedEmail, "Password~1"); await validator.SignInWithUser(generatedEmail, "Password~2"); - // Making a request to a protected resource that this user does not have access to - should automatically redirect to login page again + // Making a request to a protected resource that this user does not have access to - should + // automatically redirect to the configured access denied page await validator.AccessStoreWithoutPermissions(generatedEmail); // Logout from this user session - This should take back to the home page