I've changed passwordFormat of AspNetSqlMembershipProvider( SqlMembershipProvider is used) to 'Hashed' from 'Encrypted' but still can login via credentials which had been created before the change.
Also I changed passwordFormat to 'Clear' created new account and changed passwordFormat back to 'Hashed'.
The new account has password in a plain text in the aspnet_Membership table. I can login with it despite the passwordFormat changed to 'Hashed'.
It makes me think that a way of password processing is stored somewhere in the SqlMembershipProvider tables.
If it is so, where is the information stored? Or maybe I missed something?
View Complete Post