Authorization settings for the web api or microservice.
|Policies||Yes||A list of policies that can be applied in your api or microservice.||None|
|Name||Yes||The name of the policy (e.g. ||None|
|PolicyType||Yes||The type of policy that will be used. The only valid policy type at the moment is ||None|
|PolicyValue||Yes||The value of the policy that is going to be added (e.g. ||None|
|EndpointEntities||Yes||The entity endpoints that this policy restriction should be applied to.||None|
|EntityName||Yes||The name of the entity that you want to apply the policy authorization restriction to. This field needs to match the name of the entity class that the controller is based on.||None|
|RestrictedEndpoints||Yes||A list of controller endpoints that the associated policy should be added to for the designated entity. These endpoints must match one of the values in the Endpoint Options Section.||None|
At the moment, only scope policies can be scaffolded out in a Wrapt project. With that said, as with any Wrapt project, you can absolutely update it to use additional policies and authorize by role or by a claim as well. If you're adding this manually, make sure you hit all the right places.
As always, if there enough of a need for these to be supported out of the box, please feel free to submit a feature request on GitHub.
Authentication and Authorization are a very complex domain to work with. I've made an effort to consolidate my learning around auth to help myself and others if you'd like to check it out.
AuthorizationSettings: Policies: - Name: CanReadPatients PolicyType: scope PolicyValue: patients.read EndpointEntities: - EntityName: Patient RestrictedEndpoints: - GetList - GetRecord - Name: CanAddPatients PolicyType: scope PolicyValue: patients.add EndpointEntities: - EntityName: Patient RestrictedEndpoints: - AddRecord - Name: CanDeletePatients PolicyType: scope PolicyValue: patients.delete EndpointEntities: - EntityName: Patient RestrictedEndpoints: - DeleteRecord - Name: CanUpdatePatients PolicyType: scope PolicyValue: patients.update EndpointEntities: - EntityName: Patient RestrictedEndpoints: - UpdateRecord - UpdatePartial