For this scenario I would recommend a Filter that derives from AuthorizeAttribute and then override the AuthorizeCore method. As far as I know these kind of Filters are executed before any other filters (includeding those derived from ActionFilterAttribute, like yours).
I had a similar scenario like yours and deriving from AuthorizeAttribute did the job for me.