I was tinkering with the new auth features that recently RTM'd with Visual Studio 2013.
While implementing a custom UserStore, I was having a look at the decompiled sources for the UserStore that ships in the box, Microsoft.AspNet.Identity.EntityFramework.UserStore<TUser>
. I noticed that the method for deleting a user was not supported:
public class UserStore<TUser> : IUserLoginStore<TUser>, IUserClaimStore<TUser>, IUserRoleStore<TUser>, IUserPasswordStore<TUser>, IUserSecurityStampStore<TUser>, IUserStore<TUser>, IDisposable where TUser : IdentityUser
{
// other stuff omitted
public virtual Task DeleteAsync(TUser user)
{
throw new NotSupportedException();
}
}
That's strange isn't it? Why is deleting a user not supported?
I admit I can't remember a production system that I've written that hard deleted user records, but I don't understand why this functionality is not supported.
Is there a technical reason or is it simply because Microsoft feels that deleting user records is "bad" and leaves it as an exercise for the developer to override the method?
Update
In an attempt to understand what the ASP.NET team was thinking, I searched for framework usages of DeleteAsync(TUser user)
. Nothing in the framework seems to invoke it. So, it seems that they could have completely left the member off of the IUserStore<TUser>
interface.
My conclusion at this point is that it's there to implement if you want and how you want and that it will only ever be invoked by your application code or future user management libraries.