I've been an ASP.NET developer for some time, always working on existing ASP.NET pages, modifying functionality, adding features, tweaking things etc. but have never built a site up from scratch. I've read books on ASP.NET, and they generally talk you through the various features of ASP.NET with a mock up site, but it's always very basic and they jump straight in.
The time has come however, to write a site from scratch for a client. I've never done this before. There are design considerations, but like a lot of ASP.NET sites, the basic idea is, you have a site, where users can log in, and save some information like their name and password and address. The site has some functionality, but that's the basic design of a majority of (business-related) asp.net websites I would wager.
I know how to program in ASP.NET already on an existing site, but I don't know how to design my own properly that meets the criteria above.
I guess the main worry is security. I don't know the best way to handle a simple log-in system that stores user information like their name and password. I understand there are a few approaches to this, but the catch with this project is that it has to be absolutely bulletproof. Maximum security. All those good practices for security, it needs to have them all.
I'm not asking what they are, but I am asking where to begin. What should be the first steps after I do File  New Project ? Where can I look for information about setting up a secure ASP.NET website? I'll figure out the content and page layout later, it's the framework that is the big thing.
Any and all advice would be welcome. I really want to get my first from-scratch project right from the beginning. 
Just to confuse things, it's possible I will be using MVC, I am not sure if this has any impact.