You highlighted the setting for password format, but isn't it that we can dynamically change this value, and it should be read off from what is stored in the database record, instead of use the same one globally based on web.config? I thought format setting here only governed new accounts.
Just to give you a little more insight, i'm also coyping below the database data I am testing with:
username: yaftest
password: testing123
yaf_prov_application:
ApplicationID ApplicationName ApplicationNameLwd Description
d1683089-b399-4224-9adf-38f52835a509 BrassTacks brasstacks NULL
yaf_prov_membership:
UserID ApplicationID Username UsernameLwd Password PasswordSalt PasswordFormat Email EmailLwd PasswordQuestion PasswordAnswer IsApproved IsLockedOut LastLogin LastActivity LastPasswordChange LastLockOut FailedPasswordAttempts FailedAnswerAttempts FailedPasswordWindow FailedAnswerWindow Joined Comment
6C498676-500D-466C-A77F-F42C4EAC24D3 d1683089-b399-4224-9adf-38f52835a509 yaftest yaftest 3BFumVPyiGCljmoFZ+DtwPfEqHVixG1mL3ABich4wLbq7y4yunoJWA== zt4rk6dCZzHkr7ZolukFfg== 2 asifshiraz@yahoo.com asifshiraz@yahoo.com NULL NULL True False 2/26/2009 6:34:35 PM 2/26/2009 6:34:35 PM 2/26/2009 6:34:35 PM 2/26/2009 6:34:35 PM 0 0 2/26/2009 6:34:35 PM 2/26/2009 6:34:35 PM 2/26/2009 6:34:35 PM NULL
aspnet_applications:
ApplicationName LoweredApplicationName ApplicationId Description
/ / 88f873fe-6197-4c81-a5a7-8bbbce3765a4 NULL
BrassTacks brasstacks d1683089-b399-4224-9adf-38f52835a509 NULL
aspnet_membership:
ApplicationId UserId Password PasswordFormat PasswordSalt MobilePIN Email LoweredEmail PasswordQuestion PasswordAnswer IsApproved IsLockedOut CreateDate LastLoginDate LastPasswordChangedDate LastLockoutDate FailedPasswordAttemptCount FailedPasswordAttemptWindowStart FailedPasswordAnswerAttemptCount FailedPasswordAnswerAttemptWindowStart Comment
d1683089-b399-4224-9adf-38f52835a509 6c498676-500d-466c-a77f-f42c4eac24d3 3BFumVPyiGCljmoFZ+DtwPfEqHVixG1mL3ABich4wLbq7y4yunoJWA== 2 zt4rk6dCZzHkr7ZolukFfg== NULL asifshiraz@yahoo.com asifshiraz@yahoo.com NULL NULL True False 2/26/2009 6:34:30 PM 2/26/2009 6:34:30 PM 2/26/2009 6:34:30 PM 2/26/2009 6:34:30 PM 0 2/26/2009 6:34:30 PM 0 2/26/2009 6:34:30 PM NULL
aspnet_users:
ApplicationId UserId UserName LoweredUserName MobileAlias IsAnonymous LastActivityDate
d1683089-b399-4224-9adf-38f52835a509 6c498676-500d-466c-a77f-f42c4eac24d3 yaftest yaftest NULL False 2/26/2009 6:34:35 PM