Why's Delete not supported in ASP.Net Identity

Question

I was tinkering with the new auth features that recently RTM'd with Visual Studio 2013.

While implementing a custom UserStore, I was having a look at the decompiled sources for the UserStore that ships in the box, Microsoft.AspNet.Identity.EntityFramework.UserStore<TUser>. I noticed that the method for deleting a user was not supported:

  public class UserStore<TUser> : IUserLoginStore<TUser>, IUserClaimStore<TUser>, IUserRoleStore<TUser>, IUserPasswordStore<TUser>, IUserSecurityStampStore<TUser>, IUserStore<TUser>, IDisposable where TUser : IdentityUser
  {
       // other stuff omitted

    public virtual Task DeleteAsync(TUser user)
    {
      throw new NotSupportedException();
    }
  }

That's strange isn't it? Why is deleting a user not supported?

I admit I can't remember a production system that I've written that hard deleted user records, but I don't understand why this functionality is not supported.

Is there a technical reason or is it simply because Microsoft feels that deleting user records is "bad" and leaves it as an exercise for the developer to override the method?

Update

In an attempt to understand what the ASP.NET team was thinking, I searched for framework usages of DeleteAsync(TUser user). Nothing in the framework seems to invoke it. So, it seems that they could have completely left the member off of the IUserStore<TUser> interface.

My conclusion at this point is that it's there to implement if you want and how you want and that it will only ever be invoked by your application code or future user management libraries.

score 5 · Answer 1 · answered May 28 '14 at 13:51

5

Delete User account

In 1.0, if you had to delete a User, you could not do it through the UserManager. They have now fixed it with 2.0:

var result = await UserManager.DeleteAsync(user);

See http://blogs.msdn.com/b/webdev/archive/2014/03/20/test-announcing-rtm-of-asp-net-identity-2-0-0.aspx

answered May 28 '14 at 13:51

Gianpiero

3,349
1
29
42

Except it appears you first need to remove the user from any active roles or the `DeleteAsync` will fail. – iCollect.it Ltd Apr 14 '15 at 10:57
Correct, but you can always change the DB relationships forcing a "delete on cascade" between users and roles. I didn't try it but it'd work – Gianpiero Apr 20 '15 at 16:49
Fails silently for me. The user is not removed from the database :( – Zero3 Feb 18 '16 at 14:46

score 4 · Answer 2 · answered Oct 20 '13 at 04:47

4

We just ran out of time to complete it for 1.0, it will be added in Update 1 as part of the rest of the admin related apis like an IQueryable Users property on UserManager. (It's already implemented in nightly 1.1-alpha1 packages)

answered Oct 20 '13 at 04:47

Hao Kung

28,040
6
84
93

Fair enough. In that case, why not `NotImplementedException`? Semantics, I know, but it seems more appropriate. Good work on the new auth system by the way. I wrote a custom user store that works with RavenDB. I plugged it into the out of the box UserManager and it worked exactly the way I expected it to. – Ronnie Overby Oct 20 '13 at 13:01
I've been looking at this myself today. Is there a scheduled date for the next release of ASP.NET Identity (v1.1)? It'd be nice to use the built-in Delete function rather than implementing my own! – loxdog Dec 17 '13 at 12:16
We'll have an alpha out soonish (its now 2.0 rather than 1.1 due to some breaking changes at the EF model level) – Hao Kung Dec 17 '13 at 18:56

Why's Delete not supported in ASP.Net Identity

Update

2 Answers2

Linked