Answered How to Log Out a User After Deleting Record?

Mitchelln11

Active member
Joined
Apr 10, 2020
Messages
39
Programming Experience
Beginner
Having issues logging out after deleting a user

I have 2 tables:
dbo.AspNetUsers
dbo.People


I have an ActionLink on the Person Details View that passes the ID:
C#:
@Html.ActionLink("Delete Profile", "Delete", "Hiker", new { id = Model.Id }, new { @class = "btn btn-danger" })

Then, I'm going to a Delete Action which removes the person AND its AspNetUser record:
C#:
        // POST: PeopleController/Delete/5
        [HttpPost, ActionName("Delete")]
        [ValidateAntiForgeryToken]
        public ActionResult DeleteConfirmed(int id)
        {
            People person = _context.People.Find(id);
            IdentityUser user = _context.Users.Where(s => s.Id == person.ApplicationId).FirstOrDefault();
            try
            {
                _context.People.Remove(person);
                _context.SaveChanges();
                _context.Users.Remove(user);
                _context.SaveChanges();
                // User.Logout() or something like it here???
                return RedirectToAction("Index", "People");
            }
            catch
            {
                return View();
            }
        }

1. Button directs to Delete Action as it should
2. Id passing through is correct
3. People person is the correct person
4. Identity user has the right info, most importantly an ID that matches the person's Application ID
5. person is removed
6. Changes are saved
7. AspNetUser record removed
8. Changes saved
9. When it redirects to to the Index View of the People, the navbar still says Hello person@email.com! (Even though the 2 records referencing that email has been deleted)
 
Con you force clearing of cookies?
 
Con you force clearing of cookies?
Perhaps. How would you go about doing that?
Do you have to get the entire record you want to delete?
Or maybe just the email (the part that's still showing)?

C#:
public void Remove(string key) 
{
Response.Cookies.Delete(key);
}
Something like that? Am I passing a single value, or a User Object?
 
I don't know. You'll need to read the documentation for the identity manager for ASP.NET. All I know is that the default identity manager depends on cookies to keep track of the logged in user.
 
Perhaps this may help:
 
I'd have to test this myself to know whether it would work but I wonder whether you could put an Authorize attribute based Role on every controller. It's may be the case that the user's role(s) is only retrieved once per session but it might be that the role is checked every time such an attribute is hit. In that case, a deleted user would have no role so they would be rejected. Of course, this assumes that there is at least one role in the first place.
 
Perhaps this may help:

That did it.

Added to the top of my controller and constructor:
C#:
private readonly SignInManager<IdentityUser> _signInManager;

public PeopleController(ApplicationDbContext context, SignInManager<IdentityUser> signInManager)
{
     _context = context;
     _signInManager = signInManager;
}

A method to log out:
C#:
public async Task<IActionResult> LogOutUser()
{
     await _signInManager.SignOutAsync();
     return RedirectToAction("DeleteConfirmed");
}

And I threw that method into the Delete method:
C#:
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
public async Task<ActionResult> DeleteConfirmed(int id)
{
     People person = _context.People.Find(id);
     IdentityUser user = _context.Users.Where(s => s.Id == person.ApplicationId).FirstOrDefault();
            try
            {
                _context.People.Remove(person);
                _context.SaveChanges();
                _context.Users.Remove(user);
                _context.SaveChanges();
                await LogOutUser();
                return RedirectToAction("Index", "People");
            }
            catch
            {
                return View();
            }
}
 
I think that I misunderstood this question. Are you really allowing a user to delete their own user record? Why would you be able to return to a list of users at all if you're not a user? This seems rather odd to me.
 
I think that I misunderstood this question. Are you really allowing a user to delete their own user record? Why would you be able to return to a list of users at all if you're not a user? This seems rather odd to me.

That's actually a mistake. I will have them redirect to the main home page after deleting. I don't have roles set up yet. I've only done that with Framework.

Is there an issue will allowing a registered user to delete their own record?
 
Is there an issue will allowing a registered user to delete their own record?
That would depend on circumstances I guess. It's never really been a good idea in anything I've done but I guess there could be circumstances where it was OK. Just don't do things like let the last administrator delete themselves or delete any user if you need to keep associated records.
 
Back
Top Bottom