Skip to main content

Notifications

Power Pages - Security
Suggested answer

Custom Registration For PowerPages Site

(0) ShareShare
ReportReport
Posted on by

Hi Everyone,
I'm facing a challenge with a custom registration page I created for my Power Pages site. The page includes an HTML form that collects additional user details during registration. I am storing the entered password in the out-of-the-box 'Password' field of the Contact entity, which is the same field Microsoft uses for authentication when a user registers through the standard process.

Key Points to Note:

  • I'm utilizing the default Microsoft login functionality but have implemented a custom sign-up registration page.
  • Microsoft applies a specific hashing algorithm to encrypt passwords when users register via their standard methods. This hashed password is then stored in the Contact entity and later decrypted during login.

The Challenge:
I need to ensure that the passwords captured through my custom registration form are hashed like Microsoft does, so users can log in seamlessly using the default login mechanism.

What I Have Tried:
I attempted to replicate the hashing process using the MD4 + Salt + PBKDF2 + HMAC-SHA256 approach through a plugin, but the generated hash differs from Microsoft's, and the login was unsuccessful.

I have also attached an image comparing the differences between the password hash generated by my process and the one Microsoft creates.

Seeking Advice On:

  • Whether the hashing procedure I'm using (MD4 + Salt + PBKDF2 + HMAC-SHA256) can work in any way to achieve the required encryption.
  • Alternative approaches or methods to correctly hash the password to match Microsoft’s standards.
  • Any APIs, libraries, or backend processes that can help achieve the correct encryption to maintain compatibility with Microsoft's authentication process.

Any insights or suggestions would be greatly appreciated.

Thanks in advance!

 

 

Categories:
  • Suggested answer
    Fubar Profile Picture
    Fubar 7,675 on at
    Custom Registration For PowerPages Site
    Generally I do not recommend trying to create alternate registration pages, you can always force the user to fill the the Profile page before doing anything else on your site. 
    For local login there is a field on the Contact record that (if everything else was installed correctly and is working correctly) that should automatically hash, store it, and clear the input field called "New Password Input". 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Microsoft Kickstarter Events…

Register for Microsoft Kickstarter Events…

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 145,343

#2
RandyHayes Profile Picture

RandyHayes 76,287

#3
Pstork1 Profile Picture

Pstork1 64,703

Leaderboard

Featured topics