How to disable a User?

Feb 8, 2014 at 6:52 PM
Hi.

I am trying to disable a user using:

IdentityResult confirmUserResult = await UserManager.SetConfirmedAsync(userId, false);

However, after "disable" the user, I try to login with the related user and I can do it.

How can I disable a User?
Developer
Feb 10, 2014 at 5:41 PM
@Fran_gg7: the SetConfirmed which is revised in beta to be more specific is SetEmailConfirmed. This method is used to confirm the email address of the user. There is no flag that is specific to disabling a current user that is built in the framework. Users are free to add a separate property to handle this. In addition you can open an issue and the team can triage it to see if this should go in the framework.
Mar 12, 2014 at 8:53 PM
Edited Mar 12, 2014 at 8:53 PM
What I do is add a custom IsApproved bool property to my ApplicationUser model and modify my Login method in the AccountController to also check if user.IsApproved == true (where it does the IsLockedOutAsync() and CheckPasswordAsync() checks).

IIRC the old Membership providers have such functionality built-in. I too feel that is essential feature that should go into the framework. It is not uncommon (in fact for me it is very common) for user accounts to need to get disabled, suspended, etc.
Mar 21, 2014 at 6:29 PM
Please add an option, so that new accounts can be manually approved/disabled by the webmaster. If a new user completes the registration process and the email verification, there should be an option to let the user know that the account is pending webmaster approval before full access is granted. Please make this functionality part of the new ASP.NET Identity! This should work with local database and with Microsoft, Facebook, etc. accounts.

Thank you!
Mar 24, 2014 at 8:02 AM
Edited Mar 24, 2014 at 8:03 AM
Looks like Account Lockout in just released v2 should fit this need now, no? http://blogs.msdn.com/b/webdev/archive/2014/03/20/test-announcing-rtm-of-asp-net-identity-2-0-0.aspx
Jun 2, 2014 at 8:16 PM
Account Lockout is also triggered by invalid login attempts. Is there a way to distinguish that from user approval status? It would be a nice feature.
Developer
Jun 2, 2014 at 10:47 PM
@Sofling: you could add a new property to verify that and the check when logging in