I don’t want the user to reach the database without my application

If your application will directly access the SQLite database via a Windows file share, this is impossible. Sure, you can make it inconvenient, but it’s not really possible.

The only way to achieve this really is by introducing some middleware.

This would typically be a service (WCF perhaps) that listens for connections from your client application, authenticates them, and manages all access to the underlying database. The database would be stored in a location that is visible to the server only, and not visible through a Windows share to your users.

Also, SQLite isn’t exactly a great choice for a multi-user system. You can kill two birds with one stone here – switch to a DBMS (MS SQL Server Express is free, also MySQL, PostgreSQL are common free choices) that accepts client connections over a network, and build your application to connect directly to the database server (using integrated Windows authentication may also be possible like this, so you can avoid an explicit logon). In a simple scenario this may be adequate and avoid you needing to build an explicit service layer.

In a more complex scenario, it can still make sense to have a middleware layer between the application and the database – this way, you can change the database design without changing the application design and deploying to all of your client machines – instead, just change the middleware layer in one place and your application won’t know the difference.