You can solve this in two ways:
- Let the index action be accessible by anonymous user and based on the role call different functions.
- Create your own custom Authorization attribute (you can find an example here).
Both the approaches are fine, with no distinct advantage/disadvantage over one and another, so you could choose any of them.
Hope this helps.