The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance. Our purpose was to show patterns & practices security guidance in the context of an application scenario. We used Pet Shop 4 as the baseline application and tailored it for an internet facing scenario. The application uses forms authentication with users and roles stored in SQL.
It is master piece, nothing less. Simple to get a grip, practical, and focused.
Now that GotDotNet is down I thought it would be useful to have it handy somewhere else that is on.