The forbidden problem appears because after the first login a login cookie is created and the user is persisted as logged in for 2 hours (by default) you don`t need to login again while the authentication cookie created by the login and authentication methods is still active. You need to modify the code to call the logout method in GetPages() to be sure there is not logged in user at the moment and them login the user again after which the service will retreive results.
The login cookie duration timer can be configured in Administration->Settings->Advanced->Security in textbox AuthCookieTimeout.
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking
system and vote to affect the priority of the items