I have a specific question about the following scenario:
My customer has a website that mainly consists of static .html files. Each customer has it's own directory on the filesystem. There is no security, so you need to know the correct URL to access the html pages.
They want to secure their site and first have to authenticate using SSO and if they are authorized they will have access to the right files and folders on the disk.
I was thinking it could be done with either an HttpModule or HttpHandler that also checks requests to .htm files. Is this something that is achievable and am I thinking in the right direction?