I'm trying to find a way to disable a user in Identity 2.0 and can't seem to find any info on it.
I would like to basically set a user to IsActive=false and would prefer to do it as soon as the user is created. However, I need a way to set the IsActive for our site Admin. I already have this with ASP.Net membership but I'm looking to covert the site to MVC and Identity.
For my requirements we ask people to go ahead and register an account but we want it to be disabled by default. Then when we receive payment for joining we will go back and enable them. We also use it to disable users when their subscription is up and they haven't renewed.
Is there a way to disable an account without deleting it or only locking them out for an X amount of time? So far I haven't found any way of just disabling a user in Identity and I'm surprised this question hasn't come up before.
When you create a site with the Identity bits installed, your site will have a file called "IdentityModels.cs". In this file is a class called ApplicationUser which inherits from IdentityUser.
// You can add profile data for the user by adding more properties to your ApplicationUser class, please visit http://go.microsoft.com/fwlink/?LinkID=317594 to learn more.
public class ApplicationUser : IdentityUser
There is a nice link in the comments there, for ease click here
This tutorial tells you exactly what you need to do to add custom properties for your user.
And actually, don't even bother looking at the tutorial.
1) add a property to the ApplicationUser class, eg:
public bool? IsEnabled { get; set; }
2) add a column with the same name on the AspNetUsers table in your DB.
3) boom, that's it!
Now in your AccountController, you have a Register action as follows:
public async Task<ActionResult> Register(RegisterViewModel model)
        {
            if (ModelState.IsValid)
            {
                var user = new ApplicationUser { UserName = model.Email, Email = model.Email, IsEnabled = true };
                var result = await UserManager.CreateAsync(user, model.Password);
                if (result.Succeeded)
I've added the IsEnabled = true on the creation of the ApplicationUser object. The value will now be persisted in your new column in the AspNetUsers table.
You would then need to deal with checking for this value as part of the sign in process, by overriding PasswordSignInAsync in ApplicationSignInManager.
I did it as follows:
public override Task<SignInStatus> PasswordSignInAsync(string userName, string password, bool rememberMe, bool shouldLockout)
    {
        var user = UserManager.FindByEmailAsync(userName).Result;
        if ((user.IsEnabled.HasValue && !user.IsEnabled.Value) || !user.IsEnabled.HasValue)
        {
            return Task.FromResult<SignInStatus>(SignInStatus.LockedOut);
        }
        return base.PasswordSignInAsync(userName, password, rememberMe, shouldLockout);
    }
Your mileage may vary, and you may not want to return that SignInStatus, but you get the idea.
Was doing some research on this and turns out the IdentityUser base class has some properties related to this topic. Namely: LockoutEnabled and LockoutEndDateUtc.
It's sufficient to set LockoutEnabled to true and LockoutEndDateUtc to some future date in order for the standard SignInManager.PasswordSignInAsync to pick it up and act accordingly without any overrides or customizations.
And if you want to just disable the user without specifying any exact date of reactivation you can just set it to DateTime.MaxValue.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With