1. Under Central Admin, Manage Service Applications, Start Security Token Service App.
2. Under Central Admin, Manage Farm Features, Activate Excel Service.
3. In c2wtshost.exe.config in c:\program files\windows identity foundation\v3.5, modify allowed callers with
Remember that when testing security locally from the server, it is the logged-in Windows user, not the Sharepoint user, that is passing the credentials.
Further details.
http://powerpivotgeek.com/2010/02/08/the-data-connection-uses-windows-authentication-and-user-credentials-could-not-be-delegated/