If you use the IIS or Apache web server for hosting your HTTP service that is provided with a 1C:Enterprise application, you can specify the user and password of the infobase in the default.vrd file.
For instance, if your infobase works in file mode, then, in default.vrd, you can specify the user and password as follows:
Alternatively, if the user and password are not specified in default.vrd, then, if you connect to your HTTP service from another 1C:Enterprise application working as a service client, in the application code you can specify the connection like this:
tConnection = New HTTPConnection("localhost", 80, "John", "qwerty");
tHTTPRequest = New HTTPRequest("/HTTPTest/hs/Exchange/test-parameter/Test/GetInfo?param=value");
tResponse = "";
tHTTPResponse = tConnection.Get(tHTTPRequest);
tResponse = tHTTPResponse.GetBodyAsString();
When writing your client application in another programming language, you can use a similar approach when connecting to your HTTP service.
Also, you can make your HTTP service rely on Windows (OS) authentication.