SharePoint GetGroupCollectionFromUser Web Service Returns `HTTP request was forbidden` error

Question 1

If your SharePoint WebServices web application use NTLM authentication you can try this

ug.ClientCredentials.Windows.ClientCredential = new NetworkCredential("myusername", "mypassword");

and in your app.config

<security mode="Transport">
    <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
    <message clientCredentialType="UserName" algorithmSuite="Default" />
</security>

Edited:

Because NTLM authentication is disabled in you web application for access to web services you must first login with Authentication.asmx web service and retrieve the authentication cookie and send it with other web services calls like this:

            string cookie = "";
        LoginResult loginResult;
        string result;

        AuthenticationSoapClient authentication = new AuthenticationSoapClient();
        UserGroupSoapClient ug = new UserGroupSoapClient();

        using(OperationContextScope scope = new OperationContextScope(authentication.InnerChannel))
        {
            loginResult = authentication.Login("user", "pass");
            if (loginResult.ErrorCode == LoginErrorCode.NoError)
            {
                MessageProperties props = OperationContext.Current.IncomingMessageProperties;
                HttpResponseMessageProperty prop = props[HttpResponseMessageProperty.Name] as HttpResponseMessageProperty;
                string cookies = prop.Headers["Set-Cookie"];
                // You must search cookies to find cookie named loginResult.CookieName and set its value to cookie variable;
                cookie = cookies.Split(';').SingleOrDefault(c => c.StartsWith(loginResult.CookieName));
            }
        }

        HttpRequestMessageProperty httpRequestProperty = new HttpRequestMessageProperty();
        httpRequestProperty.Headers.Add(System.Net.HttpRequestHeader.Cookie, cookie);
        using (new OperationContextScope(ug.InnerChannel))
        {
            OperationContext.Current.OutgoingMessageProperties.Add(HttpRequestMessageProperty.Name, httpRequestProperty);
            result = ug.GetGroupCollectionFromUser(LoginName).ToString();
        }

and make sure in app.config allowCookies properties of all binding be false.

<basicHttpBinding>
   <binding name="AuthenticationSoap" allowCookies="false"/>
   <binding name="UserGroupSoap" allowCookies="false"/>
</basicHttpBinding>

Question 2

Something like the following should work: (Taken / Edited from http://social.msdn.microsoft.com/Forums/en-US/sharepointdevelopment/thread/b17ae5c8-f845-4cee-8298-c4f7b5c52b57)

I think you should use SPGroup to get all the groups from site and find the user in all groups:

For single user and if you know the group name then you can try with this code:

SPWeb site = SPContext.Current.Web;
SPGroup groupToQuery = site.Groups["Project"];
bool istrue = site.IsCurrentUserMemberOfGroup(groupToQuery);

If you don't know the group name then try with below code (This is not tested by me)

using (SPWeb rootWeb = topLevelSite.OpenWeb())
{
    foreach (SPGroup group in rootWeb.Groups)
    {
        bool isUserInGroup = IsUserInGroup(group, currentUser.LoginName);
    }
}

private Boolean IsUserInGroup(SPGroup group, string userLoginName)
{
    bool userIsInGroup = false;

    try
    {
        SPUser x = group.Users[userLoginName];
        userIsInGroup = true;
    }
    catch (SPException)
    {
        userIsInGroup = false;
    }

    return userIsInGroup;
}