Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • At the endpoint itself. By default, this group always has a requirement that states authentication is required.
    • Note:  Since all requirements in a collection are processed with a 'one pass all pass' approach, the only security requirement you should add at the end point level is 'allowAnonymous'. Other requirements at this level will not have the intended approacheffect. This is because of the implicit security requirement requiring authentication that's applied at this level. More information is available on the page for the Allow Anonymous Requirement.  
  • Within each route segment. In this scenario, while the requirements are defined at the segment level, the entire collection of route level requirements are treated as a single collection. Requirements picked up from parent routes are evaluated as separate collections.
  • Within each input entity field definition.


titleCommon Metadata for Security Requirements

Property NameValueDescription
typestringThe type of the requirement in question. This tells the framework how to instantiate the objects necessary to execute the requirement.

The security framework is flexible enough to allow for requirements of any type to be created but that is not covered in these pages.