private static void ConfigureApis(HttpSelfHostConfiguration configuration)
{
// authentication
var authConfig = AuthenticationConfig.CreateConfiguration();
authConfig.ClaimsAuthenticationManager = new ConsultantsClaimsTransformer();
configuration.MessageHandlers.Add(new AuthenticationHandler(authConfig));
// authorization
configuration.SetAuthorizationManager(new GlobalAuthorizationManager(DefaultPolicy.Deny));
// CORS
CorsConfig.RegisterGlobal(configuration);
// dependency resolver for authorization manager
configuration.DependencyResolver = new AuthorizationDependencyResolver();
}