The best way to accomplish this is via reverse-proxy. Instead of having an iframe with hard-coded credentials, the iframe can point to a reverse proxy that you control. The proxy then has logic to add the auth headers, as required.
Here's an example setup for nginx that you can use as a starting point: Auto-authenticating to iframe-embedded Kibana dashboard