diff --git a/docs/profiles.md b/docs/profiles.md
index 96c5c0010..68944d4d1 100644
--- a/docs/profiles.md
+++ b/docs/profiles.md
@@ -199,6 +199,16 @@ depends:
   url: https://github.com/myusername/myprofile-repo/archive/master.tar.gz
 ```
 
+`url` also supports basic authentication.
+
+```YAML
+depends:
+- name: my-profile
+  url: https://my.domain/path/to/profile.tgz
+  username: user
+  password: password
+```
+
 ### git
 
 A `git` setting specifies a profile that is located in a git repository, with optional settings for branch, tag, commit, and version. The source location is translated into a URL upon resolution. This type of dependency supports version constraints via semantic versioning as git tags.
diff --git a/lib/fetchers/url.rb b/lib/fetchers/url.rb
index 4da425307..9c6ec9cdf 100644
--- a/lib/fetchers/url.rb
+++ b/lib/fetchers/url.rb
@@ -21,17 +21,19 @@ module Fetchers
 
     def self.resolve(target, opts = {})
       if target.is_a?(Hash) && target.key?(:url)
-        resolve_from_string(target[:url], opts)
+        resolve_from_string(target[:url], opts, target[:username], target[:password])
       elsif target.is_a?(String)
         resolve_from_string(target, opts)
       end
     end
 
-    def self.resolve_from_string(target, opts)
+    def self.resolve_from_string(target, opts, username = nil, password = nil)
       uri = URI.parse(target)
       return nil if uri.nil? or uri.scheme.nil?
       return nil unless %{ http https }.include? uri.scheme
       target = transform(target)
+      opts[:username] = username if username
+      opts[:password] = password if password
       new(target, opts)
     rescue URI::Error
       nil
@@ -223,6 +225,8 @@ module Fetchers
         opts['Authorization'] = "Bearer #{@token}"
       end
 
+      opts[:http_basic_authentication] = [@config[:username], @config[:password]] if @config[:username]
+
       # Do not send any headers that have nil values.
       # Net::HTTP does not gracefully handle this situation.
       check_for_missing_values!(opts)
diff --git a/test/unit/fetchers/url_test.rb b/test/unit/fetchers/url_test.rb
index d8931c1a6..807e2a351 100644
--- a/test/unit/fetchers/url_test.rb
+++ b/test/unit/fetchers/url_test.rb
@@ -187,6 +187,20 @@ describe Fetchers::Url do
   describe '#http_opts' do
     let(:subject) { Fetchers::Url.new('fake_url', config) }
 
+    describe 'when username and password is specified' do
+      let(:config) { { :username => 'dummy', :password => 'dummy' } }
+      it 'returns a hash containing http_basic_authentication setting' do
+        subject.send(:http_opts)[:http_basic_authentication].must_equal ["dummy", "dummy"]
+      end
+    end
+
+    describe 'when only password is specified' do
+      let(:config) { { :password => 'dummy'} }
+      it 'returns a hash containing http_basic_authentication setting as nil' do
+        subject.send(:http_opts)[:http_basic_authentication].must_equal nil
+      end
+    end
+
     describe 'when insecure is specified' do
       let(:config) { { 'insecure' => true } }
       it 'returns a hash containing an ssl_verify_mode setting' do