@Jaclyn Tan
Just want to give you a hint because you said that you don't want to hardcode authentication header.
Before connecting to web service open form for username & pass, and use that data when creating soap message.
If you are using ksoap or generate stub the same thing happens, you will have message and just need to add username&pass. If you hardcode username&pass in application it doesn't metter is it string or stub or anything else. It can be decompiled.
I mannaged to add authentication in header with ksoap by using envelope.headerOut
but there is major problem with prefix and namespace that I cannot solve, and always get server error.
For envelope.headerOut you can add authentication as an Element[] (org.kxml2.kdom.Element)
But again you'll need to hardcode Element[] structure of authentication header.
There is some progress I made by extending ksoap classes and override prefix and namespace creation but then why should I use ksoap if I need to create my own
