How-to
Allow a specific sender
Goal
Add an authorization rule that allows messages from a specific identity to be accepted by your agent.
Code
using HexaEight.Bridge;
using HexaEight.Bridge.Authorization;
var client = new Client();
var policies = (CasbinAuthorizationProvider)client.Authorization;
await policies.AddPolicyRuleAsync(new PolicyRule(
Sender: "[email protected]", // who is allowed
Destination: "self", // to reach my agent
Realm: "default", // baseline rule
Direction: "inbound", // when receiving
Effect: "allow")); Effect
After running this code, the SDK will allow incoming messages from
[email protected] to reach your agent. Messages from other
senders will be denied (unless another rule allows them) because adding
the first rule turns off bootstrap mode.
Verifying the rule fired
Decrypt a message from alice and inspect the result:
var msg = await client.DecryptEnvelopeAsync(envelopeFromAlice);
Console.WriteLine($"Authorized: {msg.Authorized}"); // Allowed Variations
- To allow multiple senders with one rule, see Use wildcards in rules.
- To allow outbound rather than inbound, change
Directionto"outbound". See Restrict by direction. - To block a specific sender, see Deny a specific sender.
See also
- The authorization model Concept
- Deny a specific sender How-to
- Use wildcards in rules How-to