You do not need to create a new attribute to limit authorization by ROLE. You can use Authorize itself, for example:
[Authorize(Roles="User")]
Now if you'd really like to create a new attribute, here's some information.
You can create a custom attribute as follows:
public class Author : System.Attribute
{
private string name;
public double version;
public Author(string name)
{
this.name = name;
version = 1.0;
}
}
[Author("P. Ackerman", version = 1.1)]
class SampleClass
{
// P. Ackerman's code goes here...
}
But the attribute alone does nothing. You need to create a routine that uses reflection to identify the attributes and give some meaning to them. Here is a reference link that explains it best.
Reference: link