I'm trying to add some security to a legacy application. This application works by taking in a query string such as "?document=book1" and showing the content of "book1". Most of the documents don't need any security, but a few do. So for instance if someone tried to access "?document=book3" I'd want to redirect to a login but otherwise just show the content.
I've tried using Request Filtering and while that successfully blocks certain documents, it doens't allow me to override based on user authentication. I also don't seem to be able to create an Authorization Rule specific enough to restrict certain query strings.
Does anyone have any suggestions on how I might be able to accomplish this using IIS?