check out the ASP.NET Security Practices at a Glance...a good guide to bookmark!
i just became aware of this...know nothing about it, but conceptually it sounds cool.
i’m guessing it uses “unsupported” methods for doing some of the work though (i.e., direct db access)
from their site:
Once your portal is designed and deployed how do you make changes to it? How do you do it and still preserve all the valuble production data?
cool site: 101 samples in visual studio 2005