heres a thouht... are you doing this as a fun learning thing or do you simply want some easy security on there? as im pretty sure IIS has security stuff built in anyway using the normal bits n bobs (i think it even does SSL too) would be muchos easier