Do not reinvent AuthoriazeAttribute. Your version won't handle cached actions; the built in AuthorizeAttribute will. If you need to customize your authentication, then customize the membership provider or subtype AuthorizeAttribute, rather than reinventing MVC security.
Craig Stuntz
2010-01-12 17:01:54