asp.net-mvc-4, simplemembership

How to deal with logged in user who happens to be deleted?


In an MVC 4 project I deleted a user from the system while he happened to be logged in. Now he's getting an exception from SimpleMembershipProvider methods (or from Membership/Role helpers) that the user does not exist.

The issue, however, is that while logged in, instead of having any possibility to log off gracefully, he's getting an error page, which will not let him use the page until the auth cookie becomes outdated. How can I intercept such a situation? It looks like I can't hook in anywhere to just handle those exceptions. What is a nice way of dealing with it?


Solution

  • If you are using role-based authorization and have authorization set up correctly in your application, then the graceful way to handle this is to not delete the user but to take his roles away so he does not have access to areas you do not want him to.

    Another way to do this is to add an enabled flag to the UserProfile by customizing it as described in this article. Then use the enabled flag in your authorization process by customizing the Authorize attribute to fail authorization if enabled is false. Instead of deleting the user you just flip the enabled flag to false.
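
One way to implement the enabled-flag check described in the answer above, as an added example that is not part of the original answer. It assumes the `UsersContext` and `UserProfile` classes from the MVC 4 Internet Application template and a hypothetical `Enabled` column added to `UserProfile`; the attribute name is also made up for illustration. It treats a deleted account the same as a disabled one, which covers the case in the question.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Assumptions: UsersContext / UserProfile come from the MVC 4 Internet
// Application template; UserProfile.Enabled is a hypothetical bool column
// added by customizing the profile table.
public class ActiveUserAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return false;

        // Check the account row first, so the Users/Roles checks in
        // base.AuthorizeCore only run for accounts that still exist.
        if (!IsActiveAccount(user.Identity.Name))
        {
            // Expire the stale auth cookie so the browser is sent back to
            // the login page instead of hitting an error page every time.
            FormsAuthentication.SignOut();
            return false;
        }

        return base.AuthorizeCore(httpContext);
    }

    // True only when a profile row exists AND it is enabled; a deleted
    // user (no row) is handled the same way as a disabled one.
    private static bool IsActiveAccount(string userName)
    {
        using (var db = new UsersContext())
        {
            return db.UserProfiles.Any(p => p.UserName == userName && p.Enabled);
        }
    }
}
```

Apply it in place of `[Authorize]`, or register it as a global filter. `FormsAuthentication.SignOut()` only expires the cookie in the browser; a copied ticket remains cryptographically valid until its own expiry, so the per-request database check is what actually cuts off a disabled or deleted account.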