I recently upgraded our SanSpug.org and the instructor.architectingconnectedsystems.com sites to SharePoint 2013. As part of the process, you have to build a new farm and all the web apps, then attach the content dbs. As long as you have put your membership providers in the machine.config files (32 and 64bit), you shouldn't have any problems right? Wrong! With the same config as in 2010, I just kept getting this error:
An exception occurred when trying to issue security token: The security token username and password could not be validated..
It was looking for the old aspnetdb and localsqlserver settings. Turns out that ASP.NET 4.0 doesn't actually inherit the machine.config file changes. That was my perferred method in 2010 so I didn't have to put the stupid settings everywhere. Alas, my nice shortcut doesn't work in 2013 anymore. You will see that providers don't inherit for the web apps, including the securitytokenservice. That means you HAVE to put the membership and role providers in the Root web.config file.
I think this sucks...watch out for this...