I'd say check that your membership provider, role provider and sql connection string are in all 3 web.configs (and are identical in all 3):
You sharepoint web application
Secure Token Service
For the sql connection string, make sure that the app pool user has permissions on the membership database if you're using windows authentication.
If you still have issues, use an external tool to make sure that your membership settings are correct. I use the IIS .Net Roles and .Net Features. You will have to temporarily set the default provider from the SharePoint provider to the provider
you set up. Be sure to change it back when you are done.