.NET quirk of the day
Here is something that might save you some hair. The identity element in the system.web section of the web.config takes an optional username and password parameter. It is good to note that the username parameter is actually "userName" and it is case sensitive. So, if you try using "username", it will fail.
Also, it is interesting that when you do this by accident and are accessing the site remotely, you will get an ASP.NET "yellow screen of death" about customErrors needing to be set to Off. The odd thing is that it will show you this screen even when customErrors already is set to Off.