This sample Sinatra application demonstrates how to chain Rack middleware to force requests to SSL and then require a HTTP Basic password for all requests. It uses Rack::SSL to redirect to SSL and Rack::Auth::Basic for HTTP Basic auth.
This is useful because Rack::Auth::Basic only works for all requests, otherwise you need to write a helper. So if your root action is responsible for redirecting to SSL and you only want passwords sent over SSL, you can't use Rack::Auth::Basic. Also, the approach of chaining middleware is much cleaner.
This code is written for the Heroku Cedar stack. To see a demo, visit http://ssl-http-basic.herokuapp.com
For local development it can be convenient to skip SSL. You can do that with code like this:
use Rack::SSL, :exclude => lambda { |env| ENV['RACK_ENV'] != 'production' }
This is a trivial amount of code. Do what ever you want with it.