Thursday, May 24, 2012

double hop authentication resolution


The dreaded double-hop authentication issue was recently a thorn in my side that no one was able to answer.  Finally I have come to the answer.  For anyone out there having this issue, there are only a few steps you need to follow to get your website to call your WCF service with the logged-on user's authentication.  I am not sure that all of the steps below are needed, but if it works I am willing to do them all.  I have highlighted the key components of each that I believe together resolve this issue.

On the WCF method (not the interface declaration):
<OperationBehavior(Impersonation:=ImpersonationOption.Allowed)>
Add a service behavior to the WCF project's config (this can either be added directly to the config file or added via the WCF configuration utility):
<behaviors>
  <serviceBehaviors>
    <behavior name="customBehaviorName">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceAuthorization principalPermissionMode="UseWindowsGroups" impersonateCallerForAllOperations="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>


In the website, add the service reference to the WCF service and set up the service client:
Dim client As New ServiceReference1.Service1Client()
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation
client.ChannelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials
client.methodWithPassThroughAuthentication()

As a note, at the IIS level I also have Windows Authentication and ASP.NET Impersonation enabled on the website, and Anonymous Authentication and Windows Authentication enabled for the WCF service.
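The steps above wire up the hop but give no signal when delegation quietly fails, in which case the WCF call runs as the website's application pool account rather than the user. The following is an added example, not code from the original post, that puts a fail-closed check on each side of the hop: the website verifies that the first-hop token is Delegation-level before opening the channel, and the WCF operation verifies that the caller was Windows-authenticated and that impersonation is actually in effect. The contract name IPassThroughService, the class names, and the endpoint URL are assumptions; the client side uses a ChannelFactory in place of the generated Service1Client so the block is self-contained.

```vb
' Added example (not from the original post). Checks on both sides of the double hop
' so that a misconfiguration throws instead of silently running as the app pool account.
' IPassThroughService, PassThroughService, PassThroughCaller and the URL are hypothetical.
Imports System
Imports System.Net
Imports System.Security
Imports System.Security.Principal
Imports System.ServiceModel

' ---- WCF service side ----------------------------------------------------------
<ServiceContract()>
Public Interface IPassThroughService
    <OperationContract()>
    Function GetEffectiveIdentity() As String
End Interface

Public Class PassThroughService
    Implements IPassThroughService

    ' The attribute goes on the method, as in the post, not on the interface.
    <OperationBehavior(Impersonation:=ImpersonationOption.Allowed)>
    Public Function GetEffectiveIdentity() As String _
        Implements IPassThroughService.GetEffectiveIdentity

        Dim ctx As ServiceSecurityContext = ServiceSecurityContext.Current

        ' Fail closed: an anonymous caller means no Windows credential reached this hop
        ' (Anonymous Authentication is enabled on the service in IIS, so this can happen).
        If ctx Is Nothing OrElse ctx.IsAnonymous Then
            Throw New SecurityException("Caller was not Windows-authenticated.")
        End If

        ' With impersonateCallerForAllOperations="true" the thread token must now be the
        ' caller's. If it is not, any downstream work would run as the service's own account.
        Dim threadIdentity As WindowsIdentity = WindowsIdentity.GetCurrent()
        If Not String.Equals(threadIdentity.Name, ctx.WindowsIdentity.Name, _
                             StringComparison.OrdinalIgnoreCase) Then
            Throw New SecurityException(String.Format( _
                "Impersonation not in effect: thread is {0}, caller is {1}.", _
                threadIdentity.Name, ctx.WindowsIdentity.Name))
        End If

        Return threadIdentity.Name
    End Function
End Class

' ---- Website side ----------------------------------------------------------------
Public Class PassThroughCaller

    ' Verify the first-hop token before opening the channel. IIS Windows Authentication
    ' plus ASP.NET impersonation gives the page a WindowsIdentity, but only a token at
    ' Delegation level can be forwarded to the WCF service. NTLM never produces one, so a
    ' failure here usually means Kerberos is not negotiating or the site's account is not
    ' trusted for delegation in Active Directory.
    Public Shared Function EnsureDelegatableToken(user As IPrincipal) As WindowsIdentity
        Dim winId As WindowsIdentity = TryCast(user.Identity, WindowsIdentity)
        If winId Is Nothing OrElse Not winId.IsAuthenticated Then
            Throw New SecurityException("Page is not running as a Windows-authenticated user.")
        End If
        If winId.ImpersonationLevel <> TokenImpersonationLevel.Delegation Then
            Throw New SecurityException(String.Format( _
                "Token for {0} is {1}; Delegation is needed to reach the WCF service.", _
                winId.Name, winId.ImpersonationLevel))
        End If
        Return winId
    End Function

    ' Same client settings as the post, expressed with a ChannelFactory. Call this from a
    ' page with Page.User, e.g. CallAsCurrentUser(User, "http://wcfhost/Service1.svc").
    Public Shared Function CallAsCurrentUser(user As IPrincipal, serviceUrl As String) As String
        EnsureDelegatableToken(user)

        ' WSHttpBinding defaults to message security with Windows credentials.
        Dim factory As New ChannelFactory(Of IPassThroughService)( _
            New WSHttpBinding(), New EndpointAddress(serviceUrl))
        factory.Credentials.Windows.AllowedImpersonationLevel = _
            TokenImpersonationLevel.Delegation
        factory.Credentials.Windows.ClientCredential = _
            CredentialCache.DefaultNetworkCredentials

        Dim proxy As IPassThroughService = factory.CreateChannel()
        Try
            ' Runs while the ASP.NET thread is impersonating, so the user's token is presented.
            Return proxy.GetEffectiveIdentity()
        Finally
            factory.Close()
        End Try
    End Function
End Class
```

Two points worth checking against the config above: the named behavior is only applied when the <service> element references it with behaviorConfiguration="customBehaviorName", and AllowedImpersonationLevel = Delegation lets the WCF service forward the user's token to yet another hop, so if the service is the last hop, Impersonation is the tighter setting and keeps the token from being forwarded further. On the Active Directory side, prefer constrained delegation to the WCF service's SPN over unconstrained delegation for the site's account.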

Thanks to Peter T for providing the link that finally led me to figure this one out.
http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx
