I am the administrator and I need to delete a user.
If the user is authenticated at the moment I delete it, what is the best strategy to force the deleted user to log out at the next request?
Must I handle this operation in the Application_AuthenticateRequest event?
In other words, would it be a good idea to verify in the AuthenticateRequest event whether the user still exists and, if not, to delete all the cookies and redirect to the logon page?
After some research and evaluation, I have finally found a strategy to handle this scenario. In Global.asax:
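    using System.Web;
    using System.Web.Security;

    protected void Application_AuthenticateRequest()
    {
        var user = HttpContext.Current.User;

        // Only check requests that carry an authenticated identity.
        if (user != null && user.Identity.IsAuthenticated)
        {
            // Passing true also updates the user's last-activity timestamp.
            if (Membership.GetUser(user.Identity.Name, true) == null)
            {
                // The account no longer exists: clear the cookies and redirect to the login route.
                CookieHelper.Clear();
                Response.RedirectToRoute("Login");
            }
        }
    }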
When the request is authenticated, we verify that the user still exists in the system; if not, all the cookies will be deleted and the request will be redirected to the login page.
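
One possible `CookieHelper.Clear()`, as an added example that is not part of the original post: the post does not show this class, so its body is an assumption, and it presumes classic ASP.NET forms authentication.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical stand-in for the CookieHelper referenced in the post.
public static class CookieHelper
{
    public static void Clear()
    {
        var context = HttpContext.Current;
        if (context == null) return;

        // Expires the forms-authentication ticket cookie using the
        // name, path and domain configured in web.config.
        FormsAuthentication.SignOut();

        // Session is not yet acquired during AuthenticateRequest, so this
        // only runs when Clear() is called later in the pipeline.
        if (context.Session != null) context.Session.Abandon();

        // Snapshot the names first: adding to Response.Cookies also
        // changes Request.Cookies, which would disturb a live enumeration.
        string[] names = context.Request.Cookies.AllKeys;
        foreach (string name in names)
        {
            if (string.IsNullOrEmpty(name)) continue;
            if (name == FormsAuthentication.FormsCookieName) continue; // handled by SignOut()

            // An expiry in the past tells the browser to discard the cookie.
            // Cookies issued with a non-default Path or Domain need the same
            // Path/Domain set here, otherwise the browser keeps them.
            var expired = new HttpCookie(name, string.Empty)
            {
                Expires = DateTime.UtcNow.AddDays(-1),
                HttpOnly = true
            };
            context.Response.Cookies.Add(expired);
        }
    }
}
```

Expiring cookies only affects the browser that receives this response; the ticket itself stays valid until its own expiry, so the per-request existence check in `Application_AuthenticateRequest` is what rejects a ticket presented from anywhere else.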