I am sorry that this caused so much trouble. I suppose your custom provider doesn't have a GetUser() method implemented? We changed a bit the logic of the ValidateUser security method - it first calls GetUser() and if there isn't such a method or it returns null then the logic assumes that the validation fails. That's why you need to implement such method to return a valid User object.
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking
system and vote to affect the priority of the items