Hi Birgit,
if I summarize your use case correctly, you are just getting a request containing credentials using basic authentication and you should be able to login your user into the NG client solution.
AFAIK on browser level there's no way to read the headers of a request (actually there is, but Chrome already marked this as deprecated)
This means you can not get the authorization header which contains the basic authentication string.
You already found a way of getting the credentials using a webservice.
What you could do is create an access token via your webservice and in response to the request you pass the redirect url (your solution URL) including the access token.
This should then look like this:
http://<mySolutionURL>/solutions/<mySolution>/index.html?f=loginform&token=<myTempAccessToken>
The service that initially made the request should then open the webbrowser using this redirect URL.
You will be able to read the so called query string in order to retrieve the access token and use that to skip the login form whenever that token is still valid.
If the above can not work, you could try if a redirect response (official http status 302 response) could work.
AFAIK this can not be done using the RESTful webservice plugin which servoy ships.
However using the Velocity plugin, this is doable.
Again this should also use the access token approach.
Last but not least, you could use an SSO service (as Ron described in the forum post I referenced previously)
The initial request should then logon to the SSO service and your application should hook into this service as well to verify the actual authentication state.
This option however requires additional services.
Hope this helps