securing basic HTML in IIS

how can i verify that a person has logged into a website before serving non-dynamic HTML pages to them in IIS?

>>4
It isn't. You can do HTTP authentication over regular HTTP (hence the name). It's a bad idea from a security point of view, but since you're using IIS anyway, so is anything else you'll be trying.