I worked on this site over the summer at an office. I'm now back on Christmas break, and will work again this summer. With the help of many people online I got the following code to work. But now, it doesn't work. As far as I know, the code SHOULD still be the same. I am using VS2005 instead of VWD beta, and the 2.0 framework instead of the beta version.

Outline of what the below code should do:
Take the user's login information and pass it to the stored procedure DBAuthenticate; if it is a valid user, then execute another query to retrieve role info for forms authentication and store it in the authentication ticket. It should also pause for every missed attempt.

What happens:
The login page will load correctly, but when you hit the submit button I get the following error.

"Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ArgumentException: Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation."

MASTERPAGE(Anonymous.master):

<%@ Master Language="VB" CodeFile="Anonymous.master.vb" Inherits="Anonymous" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <table style="width: 740px; height: 720;" border="1">
            <tr>
                <td colspan="3" style="height: 87px">
                    <asp:Image ID="Image1" runat="server" ImageUrl="~/images/top_data/background.jpg" /></td>
            </tr>
            <tr>
                <td colspan="3" style="height: 236px">
                    <asp:contentplaceholder id="ContentPlaceHolder1" runat="server">
                    </asp:contentplaceholder>
                    &nbsp;
                </td>
            </tr>
        </table>
    </div>
    </form>
</body>
</html>

Login.aspx:

<%@ Page Language="VB" MasterPageFile="~/Anonymous.master" 
                        AutoEventWireup="false" 
                        CodeFile="Login.aspx.vb" 
                        Inherits="_Default"
                        EnableEventValidation="true" 
                        title="Untitled Page" %>

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Threading" %>

<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">

<script runat="server">
    Dim conMyData As SqlConnection
    Dim conUserData As SqlConnection
    Dim cmdSelect As SqlCommand
    Dim cmdSelectRoles As SqlCommand
    Dim parmReturnValue As SqlParameter
    Dim intResult As Integer
    Dim strLinkPath As String
    Dim objTicket As FormsAuthenticationTicket
    Dim objCookie As HttpCookie
    Dim strReturnURL As String

    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
        If IsValid Then
            'load stored procedure DBAuthenticate
            If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
                'run query to get user role for forms based authentication
                Dim conRoles As SqlConnection
                Dim cmdSelectRoles As SqlCommand
                Dim dtrRoles As String

                conRoles = New SqlConnection("Server=INTRANET;uid=sa;database=safety_training")
                conRoles.Open()
                cmdSelectRoles = New SqlCommand("SELECT r.role_name FROM dbo.Roles r WHERE r.role_id IN (SELECT ui.role_id FROM dbo.User_Info ui WHERE ui.user_name=@username AND ui.password=@password)", conRoles)
                cmdSelectRoles.Parameters.AddWithValue("@username", txtUsername.Text)
                cmdSelectRoles.Parameters.AddWithValue("@password", txtPassword.Text)
                dtrRoles = cmdSelectRoles.ExecuteScalar
                
                'run query to get users company
                Dim conCompany As SqlConnection
                Dim cmdSelectCompany As SqlCommand
                Dim dtrCompany As String

                conCompany = New SqlConnection("Server=INTRANET;uid=sa;database=safety_training")
                conCompany.Open()
                cmdSelectCompany = New SqlCommand("SELECT ui.company_id FROM dbo.User_Info ui WHERE ui.user_name=@username", conCompany)
                cmdSelectCompany.Parameters.AddWithValue("@username", txtUsername.Text)
                dtrCompany = cmdSelectCompany.ExecuteScalar

                'create authentication ticket
                objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, dtrRoles)
                conRoles.Close()
                conCompany.Close()
                
                'create cookie Company
                Response.Cookies("Company").Value = dtrCompany
                'create cookie UserName
                Response.Cookies("UserName").Value = txtUsername.Text
                
                objCookie = New HttpCookie(".ASPXAUTH")
                objCookie.Value = FormsAuthentication.Encrypt(objTicket)
                Response.Cookies.Add(objCookie)
                strReturnURL = Request.Params("ReturnURL")
                
                If strReturnURL <> Nothing Then
                    'returns user to previous page if greater authorization was required
                    Response.Redirect(strReturnURL)
                Else
                    'forwards user after login
                    Response.Redirect("Default.aspx")
                End If
            End If
        End If
    End Sub
    
    'check failed login attempt count and if greater than 3 pauses for 2 hours
    Sub Page_Load()
        Dim objCounter As Object = Session("counter")
        If Session("counter") > 3 Then
            Thread.Sleep(7200000)
            Response.Redirect("anonymous/deny.aspx")
        End If
    End Sub
    
    'stored procedure, returns 1 if successful login, -1 if not
    Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
        conMyData = New SqlConnection("Server=INTRANET;UID=sa;Database=safety_training")
        cmdSelect = New SqlCommand("DBAuthenticate", conMyData)
        cmdSelect.CommandType = CommandType.StoredProcedure
        parmReturnValue = cmdSelect.Parameters.Add("RETURN_VALUE", SqlDbType.Int)
        parmReturnValue.Direction = ParameterDirection.ReturnValue
        cmdSelect.Parameters.AddWithValue("@Username", strUsername)
        cmdSelect.Parameters.AddWithValue("@Password", strPassword)
        conMyData.Open()
        cmdSelect.ExecuteNonQuery()
        intResult = cmdSelect.Parameters("RETURN_VALUE").Value
        conMyData.Close()
        'if unsuccessful login display message and increase failed attempt count by 1 then
        'pauses for 10, then 20, then 30 seconds if user keeps failing
        If intResult = -1 Then
            lblMessage.Text = "Your Username or Password is incorrect.  Please try again."
            Dim objCounter As Object = Session("counter")
            If objCounter Is Nothing Then objCounter = 0
            Session("counter") = CInt(objCounter) + 1
            Thread.Sleep(10000 * (CInt(objCounter)))
        End If
        Return intResult
    End Function
    
</script>
    <form id="Form1" action="Login.aspx" >
        <table style="width: 41%; border-right: #b5c7de 1px solid; border-top: #b5c7de 1px solid; border-left: #b5c7de 1px solid; border-bottom: #b5c7de 1px solid; height: 1px;">
            <tr align="center" valign="top">
                <td bgcolor="#eff3fb" style="text-align: center; width: 843px; height: 175px;">
                    <table>
                        <tr>
                            <td colspan="2" 
                                style="text-align: center">
                                <strong><span style="font-weight: bold; 
                                            color: black;
                                            background-color: transparent; font-family: Verdana;">Log In</span></strong></td>
                        </tr>
                        <tr align="center">
                            <td colspan="2">
                            <asp:Label
                                ID="lblMessage"
                                ForeColor="Red"
                                Runat="server" /></td>
                        </tr>
                        <tr valign="top">
                            <td style="width: 85px">
                                <asp:Label ID="UserNameLabel" 
                                    runat="server" Font-Names="Verdana" Font-Size="0.8em">User Name:</asp:Label>
                                </td>
                            <td style="width: 173px">
                                <asp:TextBox ID="txtUsername" 
                                    runat="server" 
                                    Width="160px" TabIndex="1" /><br />
                                    
                                <asp:RequiredFieldValidator ID="RequiredFieldValidator1"
                                    runat="server"
                                    ControlToValidate="txtUsername"
                                    Text="You must enter a User Name." Width="186px" EnableViewState="False" Font-Names="Verdana" Font-Size="0.7em" /></td>
                        </tr>
                        <tr valign="top">
                            <td style="width: 85px">
                                <asp:Label ID="PasswordLabel" 
                                    runat="server" Font-Names="Verdana" Font-Size="0.8em">Password:</asp:Label>
                                </td>
                            <td style="width: 173px">
                                <asp:TextBox ID="txtPassword" 
                                    runat="server" 
                                    TextMode="Password" 
                                    Width="160px" TabIndex="2" /><br />
                                    
                                <asp:RequiredFieldValidator ID="RequiredFieldValidator2" 
                                    runat="server"
                                    ControlToValidate="txtPassword"
                                    Text="You must enter a Password." Width="235px" EnableViewState="False" Font-Names="Verdana" Font-Size="0.7em" /></td>
                        </tr>
                        <tr align="center">
                            <td colspan="2" style="height: 32px; text-align: right">
                                <asp:Button ID="Button1" 
                                    runat="server" 
                                    BackColor="White" 
                                    BorderColor="#507CD1" 
                                    BorderStyle="Solid"
                                    BorderWidth="1px" 
                                    OnClick="Button_Click" 
                                    Font-Names="Verdana" 
                                    Font-Size="0.8em"
                                    ForeColor="#284E98" 
                                    Text="Log In" TabIndex="3" /></td>
                        </tr>
                    </table>
                    <span style="font-size: 0.8em; color: red"></span></td>
            </tr>
        </table>
    </form>
</asp:Content>

Global.asax:

<%@ Application Language="VB" %>

<script runat="server">
    
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        If Not (HttpContext.Current.User Is Nothing) Then
            If HttpContext.Current.User.Identity.IsAuthenticated Then
                If TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then
                    Dim id As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
                    Dim ticket As FormsAuthenticationTicket = id.Ticket
                    Dim userData As String = ticket.UserData
                    Dim roles As String() = userData.Split(",")
                    HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, roles)
                End If
            End If
        End If
    End Sub

    Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs on application startup
    End Sub
    
    Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs on application shutdown
    End Sub
        
    Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs when an unhandled error occurs
    End Sub

    Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs when a new session is started
    End Sub

    Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
        ' Code that runs when a session ends. 
        ' Note: The Session_End event is raised only when the sessionstate mode
        ' is set to InProc in the Web.config file. If session mode is set to StateServer 
        ' or SQLServer, the event is not raised.
    End Sub
       
</script>

Web.Config:

<?xml version="1.0"?>
<!-- Note: As an alternative to hand editing this file you can use the 
      web admin tool to configure settings for your application. Use
      the Website->Asp.Net Configuration option in Visual Studio.
      A full list of settings and comments can be found in 
      machine.config.comments usually located in 
      \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
  <!-- ASP.NET connection string to connect to 
        Microsoft SQL Server INTRANET, database Safety_Training -->
  <connectionStrings>
    <add name="Safety_TrainingConnectionString"
         connectionString="Data Source=INTRANET; Initial Catalog=Safety_Training; User ID=sa"
         providerName="System.Data.SqlClient"/>
  </connectionStrings>
 
	<system.web>
    <!-- Authorization section sets access for anonymous users throughout site -->
    <authorization>
      <deny users="?"/>
    </authorization>
    
    <!-- Sets Authentication Method for site, Forms based and denies access 
          to folder (root) for non authenticated users
          
         The <authentication> section enables configuration 
          of the security authentication mode used by 
          ASP.NET to identify an incoming user -->

    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
             loginUrl="login.aspx"
             protection="All"
             path="/"
             timeout="5"/>
    </authentication>
    
		<!-- The <customErrors> section enables configuration 
          of what to do if/when an unhandled error occurs 
          during the execution of a request. Specifically, 
          it enables developers to configure html error pages 
          to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors> -->
    <customErrors mode="Off"/>
    
    <!-- Set compilation debug="true" to insert debugging 
          symbols into the compiled page. Because this 
          affects performance, set this value to true only 
          during development -->
    <compilation debug="true"/>

    <!-- Defines the sitemap provider for the navigation controls -->

	</system.web>
  <appSettings/>
</configuration>

This is a new security feature for .NET 2. <%@ Page EnableEventValidation="true" %> is a new security feature to stop tampering with your controls. In your code you changed some controls on the server side and then tried to load the page, and it recognised they were changed in your event. At the end of your event, call Response.Redirect("login.aspx") and it will solve the problem for you.
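
A simplified model of the check that the error message and the reply above describe, as an added example that is not part of the original thread and is not ASP.NET's actual implementation: the server records each (control ID, argument) pair it rendered in a MAC-protected hidden field and rejects a postback whose event is not in that set. The key, the function names and the control IDs (including the hypothetical ddlSite) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: stands in for the server's MAC key


def pair_hash(control_id, argument):
    """Hash one (control ID, argument) pair that the server rendered."""
    return hashlib.sha256(f"{control_id}\x00{argument}".encode()).hexdigest()


def render_validation_field(registered):
    """Build the hidden-field value covering every pair registered at render time."""
    body = json.dumps(sorted(pair_hash(c, a) for c, a in registered)).encode()
    mac = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return base64.b64encode(mac + body).decode()


def validate_event(field, control_id, argument):
    """Return True only if the posted event matches a pair the server rendered."""
    if not field:
        return False  # postback arrived without the hidden field
    try:
        raw = base64.b64decode(field, validate=True)
    except ValueError:
        return False  # field is not valid base64
    mac, body = raw[:32], raw[32:]
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False  # field was modified after the server issued it
    return pair_hash(control_id, argument) in json.loads(body)


# Constructed sample: pairs a page might register while rendering.
RENDERED = [
    ("ctl00$ContentPlaceHolder1$Button1", ""),
    ("ctl00$ContentPlaceHolder1$ddlSite", "north"),  # ddlSite is hypothetical
]
FIELD = render_validation_field(RENDERED)

if __name__ == "__main__":
    print(validate_event(FIELD, "ctl00$ContentPlaceHolder1$Button1", ""))
    print(validate_event(FIELD, "ctl00$ContentPlaceHolder1$ddlSite", "south"))
```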
