I've done this a few times, and it does work very well. The only drawback I've encountered is that helpful browsers tend to make it very hard to log out without quitting (or to enforce an inactivity timeout), and you need special mechanisms to achieve a permanent login (which may seem like an advantage).

The only way I'm aware of to force login or logout, which might incidentally answer your specific question, is to redirect the user to an address in the form http://user:password@foo.bar.com/baz/. Which is how my heath-robinson logout mechanism worked, but obviously isn't great for logging in.

but i'm surprised you don't like the standard browser login window: it always seemed reassuring to me that this was the real thing and not some home-made cookie cutter.

incidentally, for working with htpasswd files I would highly recommend KM's Apache::Htpasswd.