Securing access to a spreadsheet on the web when .xls is saved as
 

A client wishes to place a spreadsheet on to his website, and wants to
restrict access to selected people.
I've used ASP.NET form authentication and a database to secure access to
other files but this requires that the files have a .aspx extension.
Is it possible to change the file extensions of all the generated files when
saving to HTML, and thus enable the Forms authentication security?
Or is there a better way of protecting the HTML files?

Andrew