It seems the actual requirement is user specific authorizations on backend and authentication would be the correct means to that end, but there is an alternative:
After authentication of service user on the backend, perform a "call back" to get the user name from the RFC client system (there are ABAP functions for that, but you will need to provide an equivalent non-SAP function on your portal.
You won't be able to check auths, but could for example use business partner similar functionality as the user name is known.
Just a thought,
Julius