Safe and secure implementation of logon trigger in SQL Server 2014 Express edition?

I've to implement the following requirement: Access to SQL Server instance shall be allowed only from a C# application. Users shall not be able to access any database (even those in which they have access) via SQLCMD, SSMS. Access using SSMS shall be allowed only for logins that are sysadmin, serveradmin. Connection from one specific host machine shall be denied. Connections from a specific C# application shall be allowed. Is it possible, secure and safe to implement this via logon trigger? If yes, how can I implement it in a reliable manner. In order to apply the logon trigger, is it necessary to be done via SSMS, only once to be activated. In case something goes wrong how can I disable it?