So for a while I was running with unsecured web service methods, checking the referrer server variable is in no way a secure method. But somehow I ran into the EnableSession property of the WebMethod attribute. By default web methods for performance reasons don't have access to the session state. By setting:
[WebMethod(Description = "method description",EnableSession=true)]this changes and I can now access my authentication object to check for the current user.
This should also work for other authentication methods like the ones built into asp.net.