Windows Authentication

Hi
I am new to using security in web sites / scripts and was wondering if
someone could help me out.
I would like to "protect" a specific folder on my web site using Windows
Authentication.
The web site is current hosted by an ISP on a Windows NT Box running
Microsoft-IIS/5.0 with php 4.3.8 with Server API of CGI/Fast CGI.
I cannot use .htaccess files, nor use CHMOD to change the file permissions
myself.
My idea is to get the ISP to set a username/password on the "restricted"
folder and ensure that permissions are propagated on all files dropped into
the folder.
Currently I have member's authentication in place to allow a user to log in
a view a list of files that they can download. Currently there is no
permissions on the folder containing the files to download meaning that if
the user or anyone else new the URL they could simply download the file
without our knowledge / approval.
What I would like to do, is simply protect the downloads folder so that if
anyone stumbles across it, it wouldn't be an "open" directory.
So my question is: I would like to have some code (eg
GetRestrictedFileToDownload($fileid)) that would allow the user to download
the file. The purpose of the code would be to use HTTP authentication for
windows and then pass the file to the browser.
Can this be done and if so how?
Thanks
Dominic