My approach to this has been to use IIS and windows authentication. Basically i naviagte to the edit widget config file using IIS manager, and disable anonymous access and enable windows authentication just for that file. However, it is important to note that my experience with IIS is experimental at best and our web aps are largely for internal use only.
Simon
