TechEd 2004 appears to have had a great session, called Top Ten Tricks for a Killer Web Application, that gave a number of great tips for building your ASP.NET web applications.
I didn't attend this session, but Tim Sneath attended it, and took some excellent notes.
You can check out Tim's notes for the details, but the tips were:
1) Creating an n-tier design with a reusable data layer.
2) Abstracting Web.Config AppSettings with a static class.
3) Creating maintainable user interfaces.
4) Creating common page code.
5) Tracking Users' Actions.
6) Notification of Exceptions. Using Microsoft Exception Management Block (note to self: I need to learn this block when I have time).
7) Using Session Objects. Use strongly typed session objects as opposed to a lot of session keys.
8) Handling unexpected errors gracefully. Custom error pages, exception management block, etc.
9) Assigning roles and securing web pages. <location security tags ...>
10) There was no #10.
Overall, very good points. Hopefully Point #9 talked about PrincipalPermission and Declarative Code Security a bit more as I mentioned in my own post. You have to do more than just secure the web directory in case the web.config file gets screwed up.
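To illustrate the point about backing up the web.config rule with a declarative demand, here is an added example (not code from the session or from Tim's notes). It assumes the .NET Framework, where ASP.NET copies the authenticated user to Thread.CurrentPrincipal; the `Admin` path and role, the `AdminReports` class and the user names are made up for the demonstration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Web.config rule that this code backs up (constructed path and role):
//   <location path="Admin">
//     <system.web><authorization>
//       <allow roles="Admin" /><deny users="*" />
//     </authorization></system.web>
//   </location>

public class AdminReports   // hypothetical class behind the Admin pages
{
    // Declarative demand: the runtime checks Thread.CurrentPrincipal before
    // the method body runs, whatever the <location> element says.
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    public string DeleteUser(string name)
    {
        return "deleted " + name;
    }
}

public static class Demo
{
    // Makes the protected call as the given identity and reports the outcome.
    // Setting the principal by hand stands in for what ASP.NET does per request.
    public static string CallAs(string user, string[] roles)
    {
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(user), roles);
        try
        {
            return new AdminReports().DeleteUser("bob");
        }
        catch (SecurityException)
        {
            return "denied";   // the demand failed; the method body never ran
        }
    }

    public static void Main()
    {
        Console.WriteLine(CallAs("alice", new[] { "Admin" }));   // in the role
        Console.WriteLine(CallAs("mallory", new[] { "User" }));  // not in the role
    }
}
```

If the `<location>` element is deleted or mistyped, the page may load, but the call into `DeleteUser` still fails for anyone outside the role.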
You can download sample code from the session here.
David Hayden, Sarasota Web Development