This configuration section contains a collection of authorization policy types, which can be added using the add keyword. Each authorization policy contains a single required policyType attribute that is a string. The attribute specifies an authorization policy, which enables transformation of one set of input claims into another set of claims. Access control can be granted or denied based on that. For more information on how an authorization policy works, see IAuthorizationPolicy and Authorization Policy.
Reference<add> of <authorizationPolicies>
Other ResourcesAuthorizing Access to Service Operations
How To: Create a Custom AuthorizationManager for a Service