How do I load a file into WCF along with credential authentication?

I have a WCF, streaming and security issue which is not the biggest deal, but I wanted people to think about how I could get around this.

I need to allow clients to upload files to the server, and I allow this with the transferMode = "StreamedRequest" function in BasicHttpBinding. When they download a file, I would like to put that file on the file system and update the database with the metadata for the file (I'm actually using the SQL Server 2008 FILESTREAM datatype, which natively supports this). I am using Windows WCF Authentication and Kerberos Credential Delegation for SQL Server to authenticate my database.

The problem is that, as an exception that I am gratefully receiving, "HTTP request streaming cannot be used in conjunction with HTTP authentication." So for my fileservice load, I cannot pass the Windows Authentication token along with my call. Even if I weren't using SQL Server accounts, I wouldn't even be able to identify my caller with my Windows credentials.

I worked on this temporarily, leaving the upload method unsecured and forcing it to dump the file into temporary storage and return the locator GUID. The client then makes a second call to a secure, non-streaming service, passing in a GUID that downloads the file from temporary storage to the database using Windows authentication.

Obviously this is not ideal. From a performance standpoint, I am doing additional read / write to disk. From a scalability point of view (in principle with a load balancer) it is not guaranteed that I hit the same server with two subsequent calls, which means that the temporary file storage must be in a shared location, which means not a scalable design.

Can anyone think of a better way to handle this situation? As I said, this is not the biggest deal since a) I really don't need to scale this thing up a lot, there aren't that many users, and b) those uploads / downloads don't seem to get much. But still, I would like to know if I am missing an obvious solution here.

Thanks, Daniel

+2
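The two-call workaround described in the question, as an added C# example (not the poster's code): an unauthenticated streamed upload stages the file under a server-generated GUID, and an authenticated commit call hands it to the database step under the caller's Windows identity. All type names, the staging path and the 100 MB cap are assumptions; `Store` is abstract so a concrete subclass can supply the FILESTREAM and metadata insert.

```csharp
using System;
using System.IO;
using System.ServiceModel;
[ServiceContract]   // exposed on the streamed endpoint, no HTTP authentication
public interface IUploadService { [OperationContract] Guid Upload(Stream data); }
[ServiceContract]   // exposed on a buffered endpoint with Windows authentication
public interface ICommitService { [OperationContract] void Commit(Guid locator, string fileName); }
// Hypothetical service class; a concrete subclass implements Store().
public abstract class FileTransferService : IUploadService, ICommitService
{
    // Assumed values; behind a load balancer StagingDir must be shared storage.
    protected virtual string StagingDir { get { return @"C:\upload-staging"; } }
    protected virtual long MaxBytes { get { return 100L * 1024 * 1024; } }
    protected abstract void Store(Stream content, string fileName, string caller);

    public Guid Upload(Stream data)
    {
        Directory.CreateDirectory(StagingDir);
        Guid locator = Guid.NewGuid();               // server-chosen name, never client input
        string path = Path.Combine(StagingDir, locator.ToString("N"));
        var buffer = new byte[81920];
        long total = 0; int read;
        try
        {
            using (var target = new FileStream(path, FileMode.CreateNew, FileAccess.Write))
                while ((read = data.Read(buffer, 0, buffer.Length)) > 0)
                {
                    // The caller is anonymous here, so cap what one request may write.
                    if ((total += read) > MaxBytes) throw new FaultException("Upload exceeds the size limit.");
                    target.Write(buffer, 0, read);
                }
        }
        catch { File.Delete(path); throw; }          // do not leave partial files behind
        return locator;
    }

    public void Commit(Guid locator, string fileName)
    {
        var identity = ServiceSecurityContext.Current.WindowsIdentity;
        string path = Path.Combine(StagingDir, locator.ToString("N"));
        if (!File.Exists(path)) throw new FaultException("Unknown locator.");
        try
        {
            using (var content = File.OpenRead(path))   // opened as the service account
            using (identity.Impersonate())              // Store() runs as the caller
                Store(content, fileName, identity.Name);
        }
        finally { File.Delete(path); }               // staged copy is single-use
    }
}
```

Because the upload call is unauthenticated, the GUID is the only link between the staged file and the caller who later commits it, so it should be treated as a short-lived secret and uncommitted files purged on a schedule.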

