I have a website that uses ASP.NET 2.0 Cookie-less Forms Authentication.  
Once authenticated, the user has access to a number of pages, most of which
call one or more web methods on a web service I have also created.

The problem I am having is that I am not sure what credentials to send the
web service that it can use to authorize the user by role.  For instance, I
have some web methods that are only intended to be called by a user who has
been authenticated in an Admin role.  I'd like to be able to do the following:

1) Authenticate the user via the Forms Authentication.
2) Have the user navigate to a page and/or perform an action that calls a
web method on my web service.
3) Pass credentials based on the authentication that occurred in step 1 to
the website either as part of the method call or along with it (in a SOAP
header perhaps).
4) Have the web method use the passed credentials to authorize the user's
access to itself.

Steps 1,2, and 4 are already working.  I just don't know what to do with
step 3.

Any help is appreciated.