I just tried adding the username and password as url query string parameter as @josh mentioned, and it works for me if I have the Use secure session Keys and login page option unchecked in the Web Server → Advanced page.
Found this in the Blue Iris help doc.
