[all variants] Selective Authentication

I have a server running Apache/1.3.41.
I have an application that uses Apache, and all the configuration for this
application is done through the browser when you login as the user
application-admin.

The application uses Apache to do authentication - I had to add the
following to httpd.conf:
<Directory "/path/to/application">
AllowOverride None
AuthType Basic
AuthName "WebApp"
require valid-user
AuthUserFile /path/to/application/apache.userfile
Options None
</Directory>

My question is can I use Apache to limit logging in as user
"application-admin" to an internal subnet, so that you can't login as
"application-admin" from outside our building. For that matter, several
other internally used user accounts would be nice to limit to internal IPs
as well. Aside from just a few accounts, all the users are external users -
but these few accounts would be nice to be internal only.

What I'm wanting is:
AllowFrom 10.1.0.0/16 any user
AllowFrom everywhere else, anyuser except "applicaiton-admin"

I could have 2 separate auth files if I needed to - one that has "application-admin" and one that doesn't (cron job every minute to copy auth.1 to auth.2 and echo "application-admin" >> auth.2)

Could I then do something more like:

Any IP - require valid-user from /auth.1
10.*.*.* - require valid-user from /auth.2

Thanks!

Dave