The way to go about doing it will be different depending on what kind of server you're using. If it's linux with Apache, I think there's a wizard in Frontpage that can do it for you. Basically all it's doing is creating an .htaccess file in the folder.
Windows is a bit more complicated because each user you want to allow access would need to have an account on the server. A somewhat simpler approach would be to do your authentication in "software". In other words, you could use PHP or ASP or something similar to check the username and password before letting the user see the page. This is much more secure than creating accounts for the users on the server. If you do some googling, you can probably find a prebuilt user authentication package for PHP, maybe ASP too but not as likely.