I'm right at the beginning of building a new web application using ASP.net and SQL Server 2005. I need advice on the best way to secure the application. By this I mean that the system will obviously have multiple users and I want to know what the best way is to provide them with a login, where/how to store their sensitive details (i.e. password), and any other security issues I should bear in mind.
Any advice gratefully received!