Actually, after looking at it closer, it looks to be a threading issue with the async operation. Since ASP.NET does not have the same threading model as SL and Windows, I think you're fine with setting your EntityManager.AuthorizedThreadId to null here.
Also, it's probably not necessary to do an async operation here since ValidateUser itself is a sync call on the server.
I also want to remind you to not use the same "ACTContext" EntityManager on your client app since the EntityManager will always try to login and possibly causing strange circularity problems.
Edited by DenisK - 10-Mar-2011 at 7:48pm