diff --git a/CSR.WebUI/Pages/AccessDenied.cshtml b/CSR.WebUI/Pages/AccessDenied.cshtml
new file mode 100644
index 0000000..1d93fdf
--- /dev/null
+++ b/CSR.WebUI/Pages/AccessDenied.cshtml
@@ -0,0 +1,11 @@
+@page
+@model CSR.WebUI.Pages.AccessDeniedModel
+@{
+    ViewData["Title"] = "Access Denied";
+}
+
+<div class="text-danger">
+    <h1 class="text-danger">Access Denied</h1>
+    <p class="text-danger">You do not have permission to access @Model.ResourceName.</p>
+    <p>If you believe this is an error, please contact your administrator.</p>
+</div>
diff --git a/CSR.WebUI/Pages/AccessDenied.cshtml.cs b/CSR.WebUI/Pages/AccessDenied.cshtml.cs
new file mode 100644
index 0000000..1fc97f3
--- /dev/null
+++ b/CSR.WebUI/Pages/AccessDenied.cshtml.cs
@@ -0,0 +1,25 @@
+namespace CSR.WebUI.Pages;
+
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using System.Web;
+
+public class AccessDeniedModel : PageModel
+{
+  public string ResourceName { get; set; } = "the requested resource"; // Default message
+
+  public void OnGet(string returnUrl)
+  {
+    if (!string.IsNullOrEmpty(returnUrl))
+    {
+      // Decode the URL if it was encoded
+      var decodedUrl = HttpUtility.UrlDecode(returnUrl);
+
+      var uri = new Uri("http://localhost" + decodedUrl); // Use a base URI to help with parsing
+      ResourceName = uri.Segments.Length > 1 ? uri.Segments.Last() : "the requested resource";
+      if (string.IsNullOrEmpty(ResourceName))
+      {
+        ResourceName = "the requested resource";
+      }
+    }
+  }
+}