In my own research into .Net Security, one area I have explored is how to correctly set up Partial Trust websites with ASP.NET 1.1 and resources placed in “sandboxed” environments. One of the best resources I have found is the book Improving Web Application Security: Threats and Countermeasures from the Microsoft Patterns and Practices group.
For a quick introduction, Keith Brown has an excellent article in the April, 2004 issue of MSDN Magazine called “Beware of Fully Trusted Code”. Read this and understand the issues.