I wasn’t aware of this until I saw Don’s article:
Fortunately, Microsoft has committed to providing a steady stream of documentation and educational materials to help solve the problem. Their latest ASP.NET security freebie has the rather unwieldy moniker of ASP.NET 2.0 Security Reference Implementation. This product is a combination of documentation and source code that is worthwhile to study to get right at the best practices that you can implement in ASP.NET 2.0 Web sites. The package itself is a bit daunting, but it doesn’t take long to figure out what’s what.
There are two Word docs and 17 projects, released under a GotDotNet license so you can lift entire projects for your own needs. I found MS’s P&P guides absolutely essential for working with .NET 1.1, so I’m glad to see some updated material.