Yes, PHP can hook right into the standard http authentication mechanism. Or you can roll your own from a database of user/passes. Or both. Or with PHP you can hook into an LDAP server, or if you're really stuck, a plain text file.

.NET is great too, don't get me wrong. But if you don't have to pay for stuff, why pay for stuff?