Using .htaccess to force SSL (https)

I created a web application at work today and, instead of implementing a full-blown authentication system (or spending time integrating it with our current authentication system), I decided to use HTTP Authentication.

Anyone who knows anything about HTTP Auth will tell you that it's very insecure. To add a level of security I used an .htaccess file (placed in the directory of the application) to force the use of SSL (https), which uses the certificate we've already installed to secure the rest of the site.

Here is what I added to the .htaccess:

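# Turn on mod_rewrite for this directory
RewriteEngine On
# Only act on requests that arrived on plain HTTP (port 80, matched exactly)
RewriteCond %{SERVER_PORT} ^80$
# ...and only for the application's path
RewriteCond %{REQUEST_URI} ^/path/to/app/
# Redirect to the same resource over https
RewriteRule ^(.*)$ https://www.domain.com/path/to/app/$1 [R,L]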

If you're already using an SSL certificate on your site, this is a great and easy way to secure HTTP Authentication.
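A check worth running once the rule is in place, as an added example that is not part of the original post: the redirect only protects the password if the server's answer on port 80 is a redirect to https and not a 401 challenge, which would invite the browser to send credentials in the clear. The function names and the sample responses are constructed for illustration; `www.domain.com` and `/path/to/app/` are the post's placeholders.

```python
"""Classify the server's answer to a plain-HTTP request for the protected path.

Added example: the sample responses are constructed; the host and path are
the placeholders used in the post.
"""
from urllib.parse import urlsplit


def parse_head(raw):
    """Split a raw HTTP response head into (status_code, {header: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def classify(raw, host="www.domain.com", prefix="/path/to/app/"):
    """Return 'ok', 'auth-over-http', 'bad-redirect' or 'not-enforced'."""
    status, headers = parse_head(raw)
    if status == 401 or "www-authenticate" in headers:
        # Challenge issued on port 80: the browser would answer in cleartext.
        return "auth-over-http"
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("location", ""))
        if (target.scheme == "https" and target.hostname == host
                and target.path.startswith(prefix)):
            return "ok"
        return "bad-redirect"
    return "not-enforced"


# Constructed sample responses to "GET /path/to/app/ HTTP/1.1" on port 80.
REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://www.domain.com/path/to/app/\r\n\r\n"
CHALLENGE = 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="app"\r\n\r\n'
DOWNGRADE = "HTTP/1.1 302 Found\r\nLocation: http://www.domain.com/path/to/app/\r\n\r\n"
PLAIN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("redirect", REDIRECT), ("challenge", CHALLENGE),
                      ("downgrade", DOWNGRADE), ("plain", PLAIN)]:
        print(f"{name:10} -> {classify(raw)}")
```

To test a live site, pass in the response head returned for the `http://` URL, for example the output of `curl -sI`.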
