Based MVC5 Identity, How can I change the grain of authorize from role-based to power-based？

Identity‘s  grain of authorize  is  role-based ,   Three tables (AspNetRoles , AspNetUserRoles , AspNetUsers) in the  database is  related .

dbo.AspNetRoles

Id(PK, nvarchar(128), not null)
Name(nvarchar(256), not null)

dbo.AspNetUserRoles

UserId(PK,FK,nvarchar(128), not null)
RoleId(PK,FK,nvarchar(128), not null)

dbo.AspNetUsers

Id(PK,nvarchar(128), not null)
Email(nvarchar(256), null)
......
UserName(nvarchar(256), not null)

So, I can only  control authorization from role  such as [Authorize(Roles = "Admin")].

Now, I want  the authorization be more flexible , I want to  add  two  tables (Powers, RolesPowers) into the database.

dbo.RolesPowers

RoleId(PK,FK,nvarchar(128), not null)
PowerId(PK,FK,nvarchar(128), not null)


dbo.Powers

Id(PK, nvarchar(128), not null)
PowerName(nvarchar(256), not null)

So, I hope to achieve the effect  such as [Authorize(Powers = "ProductAdd")].  

The powers is  usually match  to the Action  , such as ProductAdd, ProductDelete, ProductModify, NewsAdd,  and so on.

What should I do ?