ASP.NET Web API role based authorization based on route parameter

You could do this with a custom AuthorizeAttribute, for example:

public class ClubAuthoriseAttribute : System.Web.Http.AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        int clubId;
        int.TryParse((string) actionContext.ActionArguments["clubId"], out clubId);

        if (!UserCanManageClub(clubId))
        {
            return false;
        }

        return base.IsAuthorized(actionContext);
    }
}

And then use this new attribute instead:

[ClubAuthorise(Roles = "ClubManager")]
[Route("{clubId}")]
public Club GetClub(int clubId)

Note, this is assuming the parameter is named clubId, but you should have enough here to customise it to your needs.