Note that Microsoft has released a 'security update' which disables the use of username:password@host in http urls.
http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
The methods described above which rely on this will no longer work in Microsoft browsers, sadly.
You can re-enable this functionality as described at
http://weblogs.asp.net/cumpsd/archive/2004/02/07/69366.aspx
but your users will probably be unwilling to do this.