Ive recently written a whitepaper about how you could flow the details of a Windows Identity through Windows Azure Service Bus Queues and then use that on-premise to act as that user when accessing downstream resources.
The paper shows a walk through of setting up a complex scenario involving protocol translation, and kerberos multi-hop delegation to get the message from a queue with the identity associated and then to flow the identity through 2 WCF hops and then to impersonate the user when accessing a SQL database.
Im hoping this complex scenario is explained nice and clearly so that it helps people really understand what settings need to be configured where to implement this.
The paper is available in:
Also special thanks to Brian Milburn for reviewing this for me
Love to hear what people think