Most browsers respect a username and password in the URL as credentials for a BasicAuth challenge.

But this is really the wrong design. If you want to authenticate a user, send the browser a cookie, and note that in a server-side database (even a lightweight database like Cache::FileCache). Then, when that same browser hits your protected area, just verify the cookie credential, turning the authentication into an authorization.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.