Trouble Deleting Users in SimpleMembership

I came across a question in StackOverflow the other day where someone was having trouble deleting a user in the SimpleMembership provider that is now the default provider in ASP.NET MVC 4 Internet Applications.  The problem he was having was that when he called SimpleMembershipProvider.DeleteUser it was deleting the data in the UserProfile table and not in the webpages_Membership table. First a little bit on what these two tables are about.

SimpleMembership is designed to put the user information in these two tables, which have a one-to-zero-or-one relationship.  The UserProfile table has a unique UserId and a UserName, and UserProfile can be customized by the developer.  This UserId is a foreign key for the webpages_Membership table, which contains the password and other security information in it.  The reason for keeping information in these table separate is that the data in webpages_Membership is not required if OAuth is being used. If OAuth is being used then the password and other security details will be on another system.

Now back to the problem. I found it hard to believe that using DeleteUser did not remove both tables because here is what the documentation says.

This method deletes the entry in the membership account table (by default, webpages_Membership). If deleteAllRelatedData is true, all user data that is stored in the user table is also deleted.

So here is the quick and dirty test I ran.

var roles = (SimpleRoleProvider)Roles.Provider;
var membership = (SimpleMembershipProvider)Membership.Provider;

if (membership.GetUser("test", false) == null)
{
    membership.CreateUserAndAccount("test", "test");
}

bool wasDeleted = membership.DeleteUser("test", true);

I stepped through with the debugger after the CreateUserAndAccount and saw an entry for the user in both tables. Then I stepped over DeleteUser and checked the database again. The entry in UserProfile was gone but the one in webpages_Membership was still there.  This was a far cry from what the documentation described as the behavior for this method and verified what the person asking the question in StackOverflow observed.

So I thought I would try something else to see if I could come up with a workaround for this issue. Here is the code I tried.

var roles = (SimpleRoleProvider)Roles.Provider;
var membership = (SimpleMembershipProvider)Membership.Provider;

if (membership.GetUser("test", false) == null)
{
    membership.CreateUserAndAccount("test", "test");
}

bool wasDeleted = membership.DeleteAccount("test");

wasDeleted = membership.DeleteUser("test", true);

Now when I stepped through with the debugger when I hit DeleteAccount the entry from webpages_Membership was removed and then when I hit DeleteUser the entry in UserProfile was removed. Now we do not have any orphans hanging around.  Not sure if and when Microsoft will fix this bug but at least there is a workaround.

I should also point out that if you have a user mapped to roles using DeleteUser will throw a foreign key exception. You have to remove any mapped roles before you can use it.

Comments

Popular posts from this blog

Using Claims in ASP.NET Identity

Seeding & Customizing ASP.NET MVC SimpleMembership

Customizing Claims for Authorization in ASP.NET Core 2.0