How do I make user authentication secure using SSL:
The Secure Sockets Layer or SSL provide clients to server encryption for all data passed to and from the web server and client.

In order to use SSL you must have a secure certificate from a provider such as

First you must generate a CSR using the MMC under securtiy, certificates, new.  This will create a CSR or certificate request and ultimatly verisign will issue a certificate for you to install.

When installed you can establish secure communication using https:// instead of http:// in your site links.  This is particularly useful for logins and passing other sensitive information such as credit card details.

For some methods such as basic authentication you would need to use SSL for all traffic since the userid and password are passed with each request.  For others such as cookie you would only need to use SSL for the login page.  Of course, using SSL for your entire site is rarely feasible and it often makes more sense to use an independent user database and not expose NT user details.