In this blog post you can ensure that your applications and scripts which run in your Sitecore solution isn't executed without users have to login. This is a simple and easy approach and there isn't much code envolved.
I have built quite a few applications that run in the Sitecore shell. It is very easy and you can build Sitecore applications using asp.net as you would build any other website (or use Sitecores own XAML engine). This is great, but there is one thing that I tend to forget and I think others do as well. When you develop a Sitecore application using asp.net, the controls in the application are often accessible if you access the files directly. For instance imagine you have created an application which uses a file - testpage.aspx – and you place it directly in the layouts folder, users will be able to run your application if they enter the URL www.yourdomain.com/layouts/testpage.aspx even though they are not logged in. ¨
This of course may be a security issue and you should ensure you require your users to login to the shell site, before they can run the application. Sitecore enables you to do this quite easy as you can just make your page inherit from Sitecore.Shell.Web.UI.SecurePage. If you do this, Sitecore will automatically redirect the user to the login page of the current site, if they are not all ready logged in. Easy-peasy-lemon-squeezy!
You can also apply this to all your Sitecore scripts, which run as a .aspx. In that way you ensure it can only be run by people who are logged in.