I'm trying to secure my workflow service so that not every user can call the workflow service, so I put a PrincipalPermissionScope on my workflow. Every activity resides in this scope. Both the website that is calling the workflow service and the workflow
service itself are in the DefaultAppPool application pool. I set the PrincipalPermissionName on the scope to the user that is set as the identity for the DefaultAppPool: "MyDefaultAppPoolUser", I didn't touch the PrincipalPermissionRole property. But
still every call to the workflow service results in an 'Access denied' exception.
Is there anything more I should do to make this work?