Using HTTP POST (www-form-encoded) against ASP.NET ASMX with Soap Authentication

I am working on integrating with a vendor's ASP.NET WebService. We are running on an architecture that does not allow for easy consumption of SOAP resources. However, our vendor supports HTTP POST and HTTP GET (using application/x-www-form-encoded - query strings). The issue that we have run into is authentication.

The WebService in question, via SOAP, requires a SoapHeader with a ClientCredentials node containing username and password nodes. We assume they are using Soap Authentication. How do we go about consuming this WebService without resorting to SOAP?

An example of a SOAP request (per their WSDL):

POST /webservices/service1.asmx HTTP/1.1
Host: localhost
Content-Type: application/soap+xml; ch开发者_开发百科arset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="https://localhost" xmlns:types="https://localhost/encodedTypes" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <types:ClientCredentials>
      <username xsi:type="xsd:string">string</username>
      <password xsi:type="xsd:string">string</password>
    </types:ClientCredentials>
  </soap:Header>
  <soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    <tns:Method>
      <parameter xsi:type="xsd:string">string</parameter>
    </tns:Method>
  </soap:Body>
</soap:Envelope>

Similarly, the .ASMX describes the availability of using HTTP GET or HTTP POST, as follows:

POST /webservices/service1.asmx/Method HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: length

parameter=string

Note the above does not describe any authentication information.

We have tried things such as:

username=user&password=pass&parameter=string

ClientCredentials=<username>user</username><password>pass</password>&parameter=string

as well as different flavors of HTTP Authentication. Nothing seems to work, and the support that we are receiving is not of any use- they literally cannot tell us how their webservice is even functioning.

Has anyone had experience doing this?