I've read so many blog posts and articles that my eyes are getting blurry. I haven't yet found what I need (or I just don't understand what I'm doing, which is most likely).
We have a WCF data service that we want to restrict access to. We want to put the web client in an app pool, and then only the app pool account should be able to use the WCF data service.
If someone hits the WCF service directly from a browser, or from another application, they should not be able to access the data.
How do I set this up? I tried impersonation, but I couldn't seem to get that to work.
Securing WCF data services seems way too difficult, but maybe I am just not looking at it correctly. Any help would be appreciated. Thanks.