Do you mean using ASP password protection, or do you have access to create windows users and use a domain login?
If you have an ASP application (i.e use of global.asa, you can use a session_onstart/onend and application_onstart/onend to direct to login pages and set the usernames and passwords. You could use a database to store usernames and passwords, or you can hardcode your username and password into a login page, set a session variable to say they're logged in, and check in every page to make sure the session variable is set.
Can you give any more details? Some methods are preferable over others for security/maintainability
I'd recommend a domain login then. You create it through IIS Snapin in mmc. You disable anonymous access to the resource, set which login type you want (bearing in mind that this IS crackable), and then any authenticated windows user can access the folder contents.