As
RaisKazi[
^] already wrote in a comment to your question, HTTP is per se stateless. Any state you would want would have to be implemented by your server application. A client could pass along a cooky or something that was passed back to it in a previous response to identify themselves to the server. For authentication purposes I'd advise you to use NetworkCredentials and have the service listen to requests over HTTPS.
Cheers!
—MRB