Yes, BizTalk has a provision for carrying the original user account context along with the message (kind of). It is called single sign-on (SSO). It is designed to allow you to store mappings between AD accounts and other system accounts, such as databases or mainframes. Many BizTalk adapters support SSO and will automatically look up the sign-on credentials from SSO and use them to call out to external systems. In an SSO scenario, when BizTalk receives a message it attaches an SSO ticket to the message that outbound adapters can use to perform SSO lookups. You might be able to use this SSO ticket to flow the original user credentials along with the message. Unfortunately, this is pretty complicated to set up, but it is probably your best bet to get your scenaio working. I’ve never had this specific requirement, so I don’t know exactly how to do it. This link would be a good place to begin research: http://msdn.microsoft.com/en-us/library/ms942599.aspx
A good workaround might be to stand up a WCF service in front of (or instead of) BizTalk and do the lookup there where user impersonation is easy.