Since I don't want to make any assumptions, I will simply ask...
Is this module really defined in your domain model? Considering you might reuse your domain in a desktop app, that module might be rendered useless.
In any case, what I would probably do here is write a service that checks a db table using a repository. Then add a custom attribute in my web project like the following:
    public class BlacklistAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Use the context passed in; the attribute has no HttpContext property of its own.
            string userHostAddress = httpContext.Request.UserHostAddress;
            IBlacklistService blacklistService = DependencyResolver.Current.GetService<IBlacklistService>();
            return !blacklistService.IsBlackListed(userHostAddress) && base.AuthorizeCore(httpContext);
        }
    }
Being based on AuthorizeAttribute, you can still use it to check normal things first.
// just check blacklist
// check roles as well as blacklist
And it can be applied anywhere Authorize can, including class level. This allows for a more fine-grained application.
NOTE: Untested code above. You may need to play around with it.
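
An added example, not part of the original answer: one possible shape for the service the attribute resolves. `IBlacklistService` and `IsBlackListed` come from the answer; `IBlacklistRepository`, `GetBlockedAddresses`, `InMemoryBlacklistRepository` and `BlacklistService` are hypothetical names, and the addresses are constructed documentation-range values standing in for the db table. It compares parsed addresses instead of raw strings and treats an unparsable address as blocked, which is a design choice of this example.

```csharp
using System.Collections.Generic;
using System.Net;

public interface IBlacklistService { bool IsBlackListed(string userHostAddress); }

// Hypothetical repository abstraction over the blacklist table.
public interface IBlacklistRepository { IEnumerable<string> GetBlockedAddresses(); }

// Constructed sample data standing in for the db-backed repository.
public class InMemoryBlacklistRepository : IBlacklistRepository
{
    public IEnumerable<string> GetBlockedAddresses() { return new[] { "203.0.113.7", "2001:db8::1" }; }
}

public class BlacklistService : IBlacklistService
{
    private readonly HashSet<IPAddress> _blocked = new HashSet<IPAddress>();

    public BlacklistService(IBlacklistRepository repository)
    {
        foreach (string raw in repository.GetBlockedAddresses())
        {
            IPAddress parsed;
            if (TryNormalize(raw, out parsed)) _blocked.Add(parsed);
        }
    }

    public bool IsBlackListed(string userHostAddress)
    {
        IPAddress parsed;
        // Fail closed (assumption of this example): an address that does not parse is blocked.
        if (!TryNormalize(userHostAddress, out parsed)) return true;
        return _blocked.Contains(parsed);
    }

    // Normalize so "::ffff:203.0.113.7" and "203.0.113.7" compare as the same address.
    private static bool TryNormalize(string raw, out IPAddress address)
    {
        if (!IPAddress.TryParse((raw ?? "").Trim(), out address)) return false;
        if (address.IsIPv4MappedToIPv6) address = address.MapToIPv4();
        return true;
    }
}
```

The set is loaded once at construction, so a long-lived instance will not see rows added later. Behind a reverse proxy or load balancer, `Request.UserHostAddress` is the proxy's address, so the check only means something when the value passed in is the real client address.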