When a user tries to consume a web service, the user is asked for credentials. After a user enters them, the web service is consumed. My question is, if a user is authenticated before consuming a web service, then is that web service consumed under that user's identity or is that web service being consume with 'god-like' permissions and roles?

If the latter is the case, is there any other way to get a hold of the authenticated user without passing in parameters?

Thanks,
-Tim