Microsoft Knowledge Base Article 310344 contains the following summary:
This article describes how to configure Internet Information Server (IIS) 5.0 Web site authentication in a Windows 2000 server
environment. IIS 5.0 Web sites can be configured to authenticate users before they are allowed access to the site,
a folder in the site, or even a particular document contained with a folder at the site. IIS 5.0 authentication can be
used to strengthen the level of security on sites, folders, and documents that are not for the general public.
Web site authentication is critical when resources are not meant for anonymous or public access but the Web server needs to be on the Internet to be accessible to approved users over the Internet. Examples of Web site applications that require authentication access control include Microsoft Outlook Web Access (OWA) and the Microsoft Terminal Services Advanced Client.