Install a cert (trusted) on the website, enable basic auth disable anon. Done. No need for app pool identity, etc.