Hi al, I have a reset/forget password flow in which users get a new (generated) password per mail. Now when a user resets its password, it gets a link to activate it. When he/she clicks on it, the activation-hash is set automatically in an anonymously accessible form. What I wanted to do is make the user "active" if  the hash is correct  the generated password is entered correctly Is it possible to check if the "generated password" is the same as the password that the user enters? I know that in the db it is stored as a hash (hashstring), but I would expect it to be possible in this way $account/Password = sha1($activateObject/userProviededPassword) I'd like to here if this check is possible or not.
You can do this in Java by using Core.authenticate, or by retrieving the MendixHashString member object of the specified attribute