It's a huge subject and doesn't fit Q&A section. There are dedicated professionals who review the design of your web application at various levels. That said, there are various ways an hacker can attack your websites.
This article on MSDN will get you started on
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication[
^].
There are some techniques discussed here at one of the CP article -
Securing ASP.NET Applications [
^].
There are much more links on
Google[
^].
Apart from these, it's good to know about
asp.net vulnerability[
^] so that you handle those in your application.
Hope this gives you an insight!