IIRC, you should be able to specify an account for the IIS site (or app pool even), that proxie's all the users requests. In essence, from a Windows AD point of view, the user is anonymous. That account can be added into SQL as a Windows login.

That's what I've done and would do. Keeps developers out of production SQL boxes as they shouldn't have the proxy account's credentials.