when browsing through the Microsoft ASP.NET security newsgroups – 85% of all problems seem to be identity, impersonation, delegation and resource access problems (over and over again).

Microsoft Support has compiled a page called “Common Security Issues when Accessing Remote Resources with ASP.NET” pointing to several related KB articles. And they are actively adding stuff.