You are best advised to do this through a different mechanism. Your application could, for instance, send a memory cookie when the user logs in.
Every request would then look for that cookie, and would not be serviced if it is not present. (This is similar to how Sessions are handled.)
In the app that I wrote, and which I maintain every request starts by looking for a valid Session in the user's name. If it is not present, they are shown the login screen instead of what they asked for.
I don't think you can "monitor" URLs, nor have any affect on the browser. Al I think you can do is monitor requests.
I don't know if you can have web services look at a request, and then pass that on to the normal request/response mechanism when the request is deemed to be valid, but you might look into that.
Are these resources dynamic, or are they purely static pages? (*.ASPs? *.ASPXs? *.HTMs? *.HTMLs?)