The problem is that the ASP.NET security mechanism can only secure files that have an .aspx extension or other valid .NET extenstions.
Non-.NET file extensions such as .html, .asp and so on are not handled by the .NET engine and as such the .NET forms authentication mechanism cannot secure them.
There are two solutions for this:
1. Rename all .html, .htm and other non .NET files to .aspx or,
2. Add the .html and other non-.NET extensions to the valid list of extensions to hand to the .NET engine.
Number 1 is the preferred solution and is handled by the web designer. Method 2 (re-map the html extensions) needs to be set up on the server by Alentus. The exact extensions that need remapped must be provided (example: .htm, .html).
Note: Remapping may affect actual output depending on your current file types and content. Traditional .asp files in particular will not work as they must go to the standard ASP handler to be processed properly.