I have a site using ASP.NET Identity 2.0 for user management with a few external authentication options as well (Google, Facebook, etc.).
I want to give users the option to delete their account. I found a good example of how to implement this in this answer: ASP.NET MVC 5 how to delete a user and its related data in Identity 2.0
However, I am looking to restrict anyone else from registering the old user's username when he/she deletes their account. However, the email should be freed up if they decide to reregister.
I want to prevent user ABC from deleting their account, and then someone unrelated taking username ABC (this would cause confusion/problems in my use case).
I am looking for advice on best practices on how to implement this. Is there anything built into ASP identity? Or should I keep a list/sql db somewhere of all registered usernames (deleted and active) and simply check new users against this list?
Thank you.
A hyper-simplistic approach would be to simply not delete the user account in the user tables but rather mark it as locked and update the email address from whatever it is to something else and set whatever other sensitive fields like passwords to in-house defaults. You'd probably want to reduce and/or outright delete any rights / roles too.
So do a replace on an email account of abc@abc.com to make it abc#abc.com@deletedaccount.me.
Then you're done and don't need any extra coding as the framework will take care of the rest itself.
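
The soft-delete described in the answer above, sketched as an added example (not code from the answer or from ASP.NET Identity itself). It assumes the default `IdentityUser` with the Entity Framework stores; `AccountTombstone`, `TombstoneEmail` and `SoftDeleteAsync` are hypothetical names. Removing the external logins goes one step beyond the answer, so that the Google/Facebook identities from the question are freed along with the email.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

public static class AccountTombstone
{
    // The answer's rewrite: abc@abc.com -> abc#abc.com@deletedaccount.me
    public static string TombstoneEmail(string email)
    {
        return (email ?? string.Empty).Replace('@', '#') + "@deletedaccount.me";
    }

    // Keeps the user row, so the UserName stays reserved by the framework's
    // own uniqueness check, while making the account unusable.
    public static async Task<IdentityResult> SoftDeleteAsync(
        UserManager<IdentityUser> users, string userId)
    {
        var user = await users.FindByIdAsync(userId);
        if (user == null) return IdentityResult.Failed("User not found.");

        // Detach external logins so they no longer map to this account
        // and can be linked to a fresh registration later.
        foreach (var login in (await users.GetLoginsAsync(userId)).ToList())
        {
            var removed = await users.RemoveLoginAsync(userId, login);
            if (!removed.Succeeded) return removed;
        }

        // Drop every role so the tombstoned row carries no rights.
        foreach (var role in (await users.GetRolesAsync(userId)).ToList())
        {
            var removed = await users.RemoveFromRoleAsync(userId, role);
            if (!removed.Succeeded) return removed;
        }

        user.Email = TombstoneEmail(user.Email); // frees the real address
        user.EmailConfirmed = false;
        user.PasswordHash = null;                // no local password sign-in
        user.LockoutEnabled = true;
        user.LockoutEndDateUtc = DateTime.UtcNow.AddYears(100); // far-future lock
        // A new stamp invalidates existing cookies at the next
        // SecurityStampValidator check.
        user.SecurityStamp = Guid.NewGuid().ToString();
        return await users.UpdateAsync(user);
    }
}
```

The rewritten address still contains the original email in readable form, so a site with erasure obligations may prefer an opaque placeholder instead.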