Because the AJAX.NET hadn't been finalized yet, and because the app I was trying to "AJAX up" was a 1.1 app, I chose to roll my own AJAX backend.  It's extremely simple and lightweight, and really wasn't difficult to do.  The only problem that I had was in an Intranet setting with Windows Authentication security throughout.  The first time the client would initiate an AJAX call, the browser would throw a login credential request up.  I tried many different security settings to defeat that but was not successful.  Until I came across an article that mentioned it in passing.  Here's my altered code block:

<snip>
        req.onreadystatechange = processReqChange;
        req.open('POST', szURL, true);
        req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
        req.setRequestHeader("Content-length", data.length);
        //req.setRequestHeader("Connection", "close");  /// Fixes AJAX Authentication Issue!!!
        req.send(data);
</snip>

Note, line 5 is commentted out.  I don't know why this works, but it does and seemingly without any impact on either the client or the server.  All sessions are closed successfully and there is no data leakage that I can see.  So until I upgrade the app to 2.0 and use the official framework, I'm going with it.

If you'd like my AJAX backend .js file, it is only 60 lines and meets simple AJAX needs.  Just drop me a comment or email here with your address and I will get back to you.