To reach a satisfactory level of security, you need to use SSL. Taking a look at what happens:

1) User goes to website
2) User enters information (username, password)
3) User hits "submit" button
*sniff packets here*
4) User entered information is sent plaintext across the wire.
5) Programmer tries to secure information now at the server
*futile - information has already been sniffed*


Using SSL, their browser and your server negotiate a public-private key pair; and the encryption/decryption is done on both sides; thus, preventing anything plaintext being sent over the line.
I guess, if you really want to do this programmatically, you would have to use some form of client-side browser scripting (a la JavaScript) to encrypt the data after the user has hit submit and before it is sent down the wire. Then, over at the server, you would need to reverse the client-side encryption (basically, you are redoing SSL). But, that method would be a lot slower than SSL and probably less secure. Why remake the wheel? SSL is what you are looking for. Here is a link for Apache's SSL. I could not find an official IIS SSL page, but here is a link to a web site that will take you step-by-step for installing SSL on IIS.

Jeremy