Are there any possible issues with using the default Forms Authentication (see below) on Load Balanced servers? If there can be, what can I do to prevent the issues.
<authentication mode="Forms">
<forms loginUrl="~/Login/" protection="All" timeout="30" />
</authentication>
Can I use cookies (used by default)? Do I have to go cookieless? etc...
Also, does Microsoft (or VMWare) have a VirtualPC download that is an instant Load Balanced testing environment?
Cookies work based on the domain, so as long as all the servers are running under the same domain, then cookies should work cross-server. By default, this is how forms authentication works. ASP.NET adds an AUTH cookie to track the login.
The session is another matter though. Unless you implement a session store, like sql server, then the session variables won't be transferred across servers.
There is one issue. The cookies are encrypted and validated using the machine key and the validation key (that's what protection="All" means). You will have to set those in your top-level web.config in all the servers, otherwise each of them will have a different one and will reject cookies set by the others.
You can find a machineKey generator here. Then put the generated xml inside in the web.config of all the servers and you're ready to rock.