Those "asmx" services are intended for use by the Orion website itself, called from the end user's browser. As such, they expect cookie authentication. Is that what you are using?
At this time there is no SWIS API for managing SAM components.
I would expect the same (that the service required cookie authentication) only I was able to call the services using normal authentication up until the point where I installed the latest core update hotfix. Well at least now I know my only likely solution is to start researching cookie authentication.