What do session enabling and cookieless have to do with authentication?

Ok, we're stuck on this one for like 2 days and don't have a clue yet.

We have a .asmx web service (configured as cookieless="true"):

    [WebMethod(EnableSession =true)]
    [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
    public string SimplestWebService()
    {
        return "Simplest web service works";
    }

And we try to call it from both: c# form application, like so:

 private void button1_Click(object sender, EventArgs e)
        {
          开发者_JS百科  string url = "http://192.168.5.223:8989/MyAPI.asmx/SimplestWebService";
            HttpWebRequest req = (HttpWebRequest) WebRequest.Create(url);
            req.Method = "POST";
            req.ContentType = "application/json; charset=utf-8";
            req.UseDefaultCredentials = true;
            req.PreAuthenticate = false;
            req.ContentLength = 0;
            var result = new StringBuilder();
            using (HttpWebResponse res = (HttpWebResponse) req.GetResponse())
            {
                StreamReader sr = new StreamReader(res.GetResponseStream());
                result.Append(sr.ReadToEnd());
            }
            label1.Text = result.ToString();
        }

And Jquery, like so:

 function simplestMethod() {

            var callParams = "{}"
            $.ajax({
                type: "POST",
                url: "http://192.168.5.223:8989/MyAPI.asmx/SimplestWebService",
                data: callParams,
                contentType: "application/json; charset=utf-8",
                dataType: "json",
                success: function (data) {
                    alert(data.d);
                },
                error: function (XMLHttpRequest, textStatus, errorThrown) {
                    alert("Error Occured!" + " | " + XMLHttpRequest.responseText + " | " + 
                    textStatus + " | " + errorThrown);
                }
            });
        }

The Forms application yields the following error:

The remote server returned an error: (401) Unauthorized.

But when removing the contentType line - returns valid output- but in XML (instead of json.. which is obvious).

The Jquery (which is on the same machine as the web service) gives:

Both work perfectly when we use them not in cookieless mode or with sessioneabled=false. But that's not what we need.

I should also mention we work with IIS 6.0 & .NET 4.0. One last thing - If we go directly to the web service link (using a browser), it works but returns XML (instead of json).

Any advice as to how to make this work with cookieless=true and EnableSession=true would be much appreciated.

Thank you.

---

I got this to work after finding some code at:

http://ardentdev.com/cookieless-session-with-aspnet-ajax-and-web-services/

More specifically, the following call worked for me as I couldn't get the first example I saw in the page to work for me. It properly generates the URL to the service with your SessionId in the URL, so the server can properly lookup your session...

Sys.Net.WebServiceProxy.invoke(‘WebService.asmx’, ‘HelloWorld’, false,{}, SucceededCallback, null,”User Context”,1000000);

Info on this call can be found at: http://msdn.microsoft.com/en-us/library/bb383814.aspx

It's really sad that this scenario is not covered anywhere that I could find, on an MSDN site...The above page was the only thing I could find, that had a working code sample...

Rich