web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Portal user authentica...
Microsoft Dynamics CRM (Archived)

Portal user authentication

(0) ShareShare
ReportReport
Posted on by CSF90

Hi all

I want to ensure that I'm understanding the customer portal authentication documentation correctly and that what I think is possible actually is.

We have a client who stores their external website credential details for each user account on the Contact record within CRM (so two custom fields - 'Website Login' and 'Website Password'). These are kept in sync when updated in either the CRM or via the external website.

We are looking to implement a Customer Portal solution and we want to ensure that we can configure the portal to use these two custom fields for authentication when the user is trying to log in. Is this possible?

An additional complexity is that the password field is actually a hashed value.

Thanks in advance!

*This post is locked for comments

I have the same question (0)
  • Verified answer
    JohnAnonymous Profile Picture
    JohnAnonymous 5,241 on at

    You could build your own custom authentication provider that supports OpenID connect. And use these two fields for that provider. Building such a provider is quite some work, and probably very complex to do it correctly.

    However, when I read that you find the hashed value adds to complexity, I would advise you to reconsider this implementation. Depending on the implementation, one could simply export all contacts from CRM, use a rainbow table, and know every password in the database. When those contacts are like every other person on the internet, they reuse the password.

    Why not use and of the social logins or other providers. Then you have nothing to do with storing passwords yourself.

  • CSF90 Profile Picture
    CSF90 on at

    Hi Martijn

    Thanks for your response.

    The reason for not using other providers or external logins is to ideally have a single set of credentials that could be used for external website, external desktop applications (that are coded to check Dynamics 365 records via Web API) and customer portals. This would also prevent the  users from having to register for portals separately (an issue where we're migrating approx. 5,000 records) - just having a Contact record in the system with those fields populated would be enough.

  • Suggested answer
    JohnAnonymous Profile Picture
    JohnAnonymous 5,241 on at

    Then you need to implement you own authentication provider that uses these fields and that is compatible with the portal.

    I do understand the need, but please be aware of the security implications. Here's an extensive blog post from a well respected author on password hashing: www.troyhunt.com/our-password-hashing-has-no-clothes

  • CSF90 Profile Picture
    CSF90 on at

    I will give it a read. Thanks!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans