Lock & Unlock User Accounts In ASP.NET Core Identity

Published on

We previously looked at resetting passwords for users in ASP.NET Identity. If you haven't read that guide yet, I recommend giving it a quick read.

Today I'm going to expand on that code to show you how we can lock & unlock accounts in ASP.NET Identity.


You should be using ASP.NET 5, Core 2.2, 3.0 or 3.1 with Entity Framework, and in your Startup.cs file you should reference some kind of users class.

public void ConfigureServices(IServiceCollection services)
    services.AddTransient<IUsers, Users>();

It also assumed that

Locking & Unlocking Accounts

Here is the full code that you will need to lock and unlock accounts via ASP.NET Identity.

    public interface IUsers
        public bool LockUser(string email, DateTime? endDate);
        public bool UnlockUser(string email);

    public class Users : IUsers
        #region Constructor
        private readonly UserManager<IdentityUser> _userManager;
        private readonly DateTime EndDate;
        public Users(UserManager<IdentityUser> userMgr)
            EndDate = new DateTime(2222, 06, 06);

            _userManager = userMgr;

        public bool LockUser(string email, DateTime? endDate)
            if (endDate == null)
                endDate = EndDate;

            var userTask = _userManager.FindByEmailAsync(email);
            var user = userTask.Result;

            var lockUserTask = _userManager.SetLockoutEnabledAsync(user, true);

            var lockDateTask = _userManager.SetLockoutEndDateAsync(user, endDate);

            return lockDateTask.Result.Succeeded && lockUserTask.Result.Succeeded;
        public bool UnlockUser(string email)
            var userTask = _userManager.FindByEmailAsync(email);
            var user = userTask.Result;

            var lockDisabledTask = _userManager.SetLockoutEnabledAsync(user, false);

            var setLockoutEndDateTask = _userManager.SetLockoutEndDateAsync(user, DateTime.Now - TimeSpan.FromMinutes(1));

            return setLockoutEndDateTask.Result.Succeeded && lockDisabledTask.Result.Succeeded;

The code exposes two public methods named LockUser and UnlockUser.


When locking an account, either provide an end date for when the lock will expire or it will default to "2222-06-06", you can of course change this default date. Aditionally, the email address of the account that you wish to lock shouuld be specified.

The code will mark the user as locked and also set an expiry date of the lock.

Finally, the method will return the result of both requests to the _userManager service.

Unlock User

To unlock an account, just call the UnlockUser method and provide an email address. It will find the user based on the email address, set the lockout enabled flag to false and then set the lockout end date to one minute in the past.

The result of this method indicates if the change was successful.

Article Categories: # .net # c# # identity # asp.net
Date Published: Nov 22, 2020


A tech blog by Andy P. I talk about coding, enterprise software development, tech, games design & other things that interest me.

Signup To The Newsletter

I try to post a new interesting article every saturday.

IT Asset Management

Our friends at AssetPad are building a complete online solution for managing the IT assets within your organisation. With barcodes and documentation tools.