I am not sure what your requirements are. Are you talking about the general security practices or ASP.NET based technical information?
Well I can guide you through the general security concepts related to Login, Authentication etc.
1) Create the username and password.
2) Send the username and password to the user in two seperate emails.
3) Make the password random enough for self-change, initial and reset password functions (one- cap, one-number, one-lowercase, 7 characters mimimum etc)
4) Never send the old password to the user. Generate the new one.
5) During password change, ask for current password, new password, re-type new password.
6) Perform all the validations on server side. Dont rely on javascript client side validation.
7) Never retrieve passwords from the server.
8) Store the passwords in the database in a ecrypted or hashed format.
9) Always Salt the password during hashing or encryption.
I would recommend http://www.owasp.org and Sans
Thanks
Find more info at Web Information Security