restrict user access to controller based on property in object (asp.net mvc)

What is the best way to control user access to a controller. I have local User object with a property(boolean - "IsSubscribed"). Users can only access the controller if the value is true.

Notes:

I use forms authentication, but NO .net membership/profile开发者_如何转开发 etc.

mvc version 2

You could write a custom Authroize attribute:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (isAuthorized)
        {
            // Perform your custom authorization and return true/false
        }
        return isAuthorized;
    }
}

and then decorate your controller/actions with this attribute.