A quick and simple way of protecting *.html files in an ASP.NET web application is to enable runAllManagedModulesForAllRequests in the web.config file. In addition, set the authorization settings as required on locations that need authenticated access.
<modules runAllManagedModulesForAllRequests="true" />
<deny users="?" />
This will cause all requests to go through the authentication module, which will trigger the ASP.NET authentication mechanism.
Note that this solution has caveats, so use it with caution.