Power Platform Community Forum Thread Details

Custom Registration For PowerPages Site

Hi Everyone,
I'm facing a challenge with a custom registration page I created for my Power Pages site. The page includes an HTML form that collects additional user details during registration. I am storing the entered password in the out-of-the-box 'Password' field of the Contact entity, which is the same field Microsoft uses for authentication when a user registers through the standard process.

Key Points to Note:

I'm utilizing the default Microsoft login functionality but have implemented a custom sign-up registration page.
Microsoft applies a specific hashing algorithm to encrypt passwords when users register via their standard methods. This hashed password is then stored in the Contact entity and later decrypted during login.

The Challenge:
I need to ensure that the passwords captured through my custom registration form are hashed like Microsoft does, so users can log in seamlessly using the default login mechanism.

What I Have Tried:
I attempted to replicate the hashing process using the MD4 + Salt + PBKDF2 + HMAC-SHA256 approach through a plugin, but the generated hash differs from Microsoft's, and the login was unsuccessful.

I have also attached an image comparing the differences between the password hash generated by my process and the one Microsoft creates.

Seeking Advice On:

Whether the hashing procedure I'm using (MD4 + Salt + PBKDF2 + HMAC-SHA256) can work in any way to achieve the required encryption.
Alternative approaches or methods to correctly hash the password to match Microsoft’s standards.
Any APIs, libraries, or backend processes that can help achieve the correct encryption to maintain compatibility with Microsoft's authentication process.

Any insights or suggestions would be greatly appreciated.

Thanks in advance!

Categories:

Security

Quick Links