...
- At the endpoint itself. By default, this group always has a requirement that states authentication is required.
- Note: Since all requirements in a collection are processed with a 'one pass all pass' approach, the only security requirement you should add at the end point level is 'allowAnonymous'. Other requirements at this level will not have the intended approacheffect. This is because of the implicit security requirement requiring authentication that's applied at this level. More information is available on the page for the Allow Anonymous Requirement.
- Within each route segment. In this scenario, while the requirements are defined at the segment level, the entire collection of route level requirements are treated as a single collection. Requirements picked up from parent routes are evaluated as separate collections.
- Within each input entity field definition.
...
| Info | ||||||
|---|---|---|---|---|---|---|
| ||||||
|
The security framework is flexible enough to allow for requirements of any type to be created but that is not covered in these pages.
...