Hi Krish,
If the providing web service required the header in this format, you cannot get rid of it.
However, to prevent to hardcode user and password in abap code, you can debug and find out what is the table that store SOAMANAGER configuration and try to get user name and password from there.
If that does not work, you can create a custom table to contain user and password and only provide authorization to see that table to only admin. This is the solution we used.
To make it more secure you can write abap code with encryption/decryption logic used when store/retrieve data to custom table.
Regards,
Chaiphon