Dan Sellers discusses the extremely important (and unfortunately, often times forgotten part of security) art of Auditing for the purpose of verifying secure systems. As you build your new ASP.NET 2.0 secure applications using the latest tools, don't forget about auditing and monitoring. He points to the following useful links:
... there is a new health monitoring capabilities in ASP.NET 2.0.
Maybe because of the name health monitoring not much attention is paid to the fact that this new feature in ASP.NET 2.0 allows you to instrument security in your application.
Instrument ASP.NET 2.0 for Security allows ASP.NET 2.0 runtime components and controls to raise events for many common situation such as user management events and malicious input events.
Excellent resources (and I didn't know about the second one, so this is great to have the link)!
Update: While I am at it, don't forget the other kind of auditing, which involves reviewing/auditing your source code for security problems and possible exploits. I am doing more of this through my company these days (shameless plug). Auditing needs to be done in many ways to make sure your secure software solutions are complete.