Default AES Salt in ASPNET2 Site

I've written a simple membership/role provider library which I use in my websites. It works fine, and uses custom AES and SHA1 keys
in Web.config to encrypt or hash password information.

I now have a second, Windows Forms app that needs to access that same credential file, and hash/encrypt user-supplied credentials to
authenticate them. I know how to set up an SHA1 hasher or an AES (ManagedRijndael) cryptor in the windows app.

The ManagedRinjdael approach uses both a key and a salt in its operation. If you don't provide one or the other a random one is
generated each time you create an encryptor or a decryptor.

Where in the Web.config file is the AES/Rijndael salt defined? Right now my sites don't define a salt, which means they're using
some default salt value (which is clearly either defined or stored somewhere, since the membership provider can decrypt and encrypt
successfully in different sessions).

If it's not defined in the Web.config file, where is the default salt defined?

- Mark