Securing a directory

I would like part of a website I'm developing to only be accessible by a certain group of people. All 20-25 people could have the same username and password...

My first thought would be to set up a new user and a directory on the website with special permissions (I know nothing about how to do it, mind you) so when someone tried to access a page in this directory, they'd be asked to supply a username and password (authenticate?) We're running IIS 5.0.

Our tech guy seemed to think using cookies would be a better way to go.

What's the best way to go about this? Thanks

If you want to go the cookie route, you'll need to make sure all the pages in the directory can read cookies and redirect the user if the cookie isn't set. So, all your pages would need to be ASP/PHP etc. If this is the case, all you need to do is have users enter name/password on a page and then set a session variable on login.

However, setting the directory permissions through IIS would probably be just as easy, especially if everyone is going to use the same login information.

the best solutions (of course ) would be to install apache and use .htaccess for that and many more purposes
And IMO, cookies are not reliable and should be avoided whenever possible

...for your insight. I'm really hesitant to use cookies - just seems like quite a pain.

Could anyone provide me with some insight on this IIS Authentication? Found a good article on iisadministrator.com, but wondered if any of you have more experience with actually setting this up.

Cookies are a good tool to use for alot of things, but htaccess has the advantage of working eventhough the user might have cookies turned off.

/Fjodor