There is a ‘must read’ chapter on security in the ASP.NET documentation on MSDN:
- ASP.NET Security Content Map
- ASP.NET Web Application Security
- How ASP.NET Security Works
- Overview of Web Application Security Threats
- Basic Security Practices for Web Applications
- Storing Sensitive Information Using ASP.NET
- Limiting Access to ASP.NET Web Sites
- Script Exploits Overview
- How to: Display Safe Error Messages
- Accessing SQL Server from a Web Application
- Web Application Security at Run Time
- ASP.NET Application Security in Hosted Environments
- Managing Users by Using Membership
- Managing Authorization Using Roles
- Encrypting Configuration Information Using Protected Configuration
- Walkthrough: Creating an ASP.NET Web Site with Basic User Login
- Walkthrough: Creating a Web Site with Membership and User Login
- Walkthrough: Managing Web Site Users with Roles
- ASP.NET Application Services Overview
- Windows Communication Foundation Authentication Service Overview
- Windows Communication Foundation Role Service Overview
- Request Validation in ASP.NET