This configuration section contains a collection of authorization policy types, which can be added using the
add keyword. Each authorization policy contains a single required
policyType attribute that is a string. The attribute specifies an authorization policy, which enables transformation of one set of input claims into another set of claims. Access control can be granted or denied based on that. For more information on how an authorization policy works, see IAuthorizationPolicy and Authorization Policy.
Authorizing Access to Service Operations
How to: Create a Custom Authorization Manager for a Service