You web service will run under IIS, so the credential used to invoke external app is controlled by your IIS security setting. By default, IIS uses a specific user account to run web services, so you may not have access to external apps; however, you can configure that manually.