在 MVC Web 应用程序中删除 ASP.NET 标识的问题

Question

So after looking around for guides and tutorials of how can I delete ASP Users, I found the following code to be pretty neat:

 [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> DeleteConfirmed(string id)
    {
        if (ModelState.IsValid)
        {
            if (id == null)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            var user = await UserManager.FindByIdAsync(id);
            var logins = user.Logins;
            var rolesForUser = await UserManager.GetRolesAsync(id);

            using (var transaction = context.Database.BeginTransaction())
            {
                foreach (var login in logins.ToList())
                {
                    await UserManager.RemoveLoginAsync(login.UserId, new UserLoginInfo(login.LoginProvider, login.ProviderKey));
                }

                if (rolesForUser.Count() > 0)
                {
                    foreach (var item in rolesForUser.ToList())
                    {
                        // item should be the name of the role
                        var result = await UserManager.RemoveFromRoleAsync(user.Id, item);
                    }
                }

                await UserManager.DeleteAsync(user);
                transaction.Commit();
            }

            return RedirectToAction("Index");
        }
        else
        {
            return View();
        }
    }

My view looks something like this:

<td>
    @Html.ActionLink("Edit", "Edit", new { id = user.UserId }) |
    @Html.ActionLink("Delete", "DeleteConfirmed", new { id = user.UserId })
</td>

After clicking "Delete" here, in theory, it should have called the DeleteConfirmed method from the controller called "ManageUsersController". However, it returns this error:

Server Error in '/' Application.

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Requested URL: /ManageUsers/DeleteConfirmed/29ad177f-0285-43d2-b065-109876f270b9

What might be going wrong here? Is there another way that I should write the method in the controller? Thank you in advance

Answer 1

This answer is based on the default codes that .NET scaffold for us.

• You're generating the Delete link using an extension of ActionLink which needs link text as the first parameter and action name as the second one . Your DeleteConfirmed action is a POST method; you can't generate a link to POST, .NET sees GET methods for links. So:

<td>
  @Html.ActionLink("Edit", "Edit", new { id = user.UserId }) |
  @Html.ActionLink("Delete", "Delete", new { id = user.UserId })
</td>

• Make sure you have another method called Delete which is a GET one, in your controller.

• Add another attribute to DeleteConfirmed :

[ActionName("Delete")]
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> DeleteConfirmed(string id)
{ ... }

• If you need to delete the user when you click the Delete , you should use a POST form including the user id and anti-forgery token as hidden inputs and a submit button instead of link. But it's a best practice to show the user what they're deleting. That's why .NET generated two related actions for delete; Delete (to review) and DeleteConfirmed (to actually delete).