As I stated earlier, I am in the process of writing a course and book about the above topic. The rough outline will be:

• Threats & Mitigation Techniques & Guidelines
• IIS6 & ASP.NET Architecture
• Input Validation
• Storing Secrets
• Authentication & Authorization
• ASP.NET 2.0 Security Provider
• Instrumentation
• Partial Trust
• Deployment & Hardening
• Tools & Resources for Pen-Testing

Do you like anything special covered, with what have you been struggling with? Write me an email or leave a comment, thanks!