I'm trying to secure my workflow service so that not every user can call the workflow service, so I put a PrincipalPermissionScope on my workflow. Every activity resides in this scope. Both the website that is calling the workflow service and the workflow service itself are in the DefaultAppPool application pool. I set the PrincipalPermissionName on the scope to the user that is set as the identity for the DefaultAppPool: "MyDefaultAppPoolUser". I didn't touch the PrincipalPermissionRole property. But still every call to the workflow service results in an 'Access denied' exception.
Is there anything more I should do to make this work?
Be sure to set your clientCredentialType to UserName, and you need to specify the PrincipalPermissionName as "IIS AppPool\DefaultAppPool". Here is a lab document on using this; it walks you through this: http://download.microsoft.com/download/F/6/A/F6A8155E-2E48-4D85-A6F9-A99A7F819678/05SecuringWFServices.doc.
If this answers your question, please use the "Answer" button to say so | Ben Cline
- Marked as answer by Ben Cline1MVP, Moderator, December 15, 2011 14:27