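/// <summary>
/// Deletes the user account named by <paramref name="username"/> after checking that the
/// signed-in caller is authorized to perform a delete on that account.
/// </summary>
/// <param name="username">
/// Target account name, taken from the query string. It is passed through
/// <c>UsernameNormalizer.Normalize</c> before any authorization or lookup.
/// </param>
/// <returns>
/// 200 when the account was deleted or cannot be found after the attempt; 400 when no username
/// was supplied; 401 when there is no caller identity or the caller is not authorized; 500 when
/// the delete failed and the account still exists.
/// </returns>
public async Task<IActionResult> DeleteUser([FromQuery] string username)
{
    // Reject a missing target up front instead of handing null/blank input to the normalizer.
    if (string.IsNullOrWhiteSpace(username))
    {
        return StatusCode((int)HttpStatusCode.BadRequest, "Username is required");
    }

    // Fail closed: with no authenticated name there is no principal to authorize, so the
    // request is refused with the same response as an explicit denial.
    var callerName = HttpContext.User?.Identity?.Name;
    if (string.IsNullOrEmpty(callerName))
    {
        return StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized");
    }

    var normalizedUsername = UsernameNormalizer.Normalize(username);
    var loggedInUsername = UsernameNormalizer.Normalize(callerName);

    // Authorize
    var authorizationResult = await authorizationModule.AuthorizeAsync(
        new ManageUserResourceDescription(normalizedUsername, UserManagementActionType.Delete),
        loggedInUsername);
    if (!authorizationResult.IsAuthorized)
    {
        // Record refused account-management attempts so they can be reviewed. The target name
        // is caller-supplied, so line breaks are flattened to keep one event per log line.
        var deniedMessage = $"User '{loggedInUsername}' was denied deletion of user '{normalizedUsername}'";
        apiEventLogger.Log(LogLevel.Warning, deniedMessage.Replace("\r", " ").Replace("\n", " "));

        // NOTE(review): 403 is the conventional status for an authenticated caller who lacks
        // permission; 401 and the message text are kept so existing clients see no change.
        return StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized");
    }

    var wasDeleted = await authenticationModule.DeleteUserAsync(normalizedUsername);
    if (wasDeleted)
    {
        // The audit entry names the acting account as well as the deleted one.
        var deletedMessage = $"User '{normalizedUsername}' has been deleted by '{loggedInUsername}'";
        apiEventLogger.Log(LogLevel.Warning, deletedMessage.Replace("\r", " ").Replace("\n", " "));
        return Ok();
    }

    // The delete reported failure: distinguish "account still present" (an error) from
    // "account not found", which is treated as success so the call is idempotent.
    var userExists = await authenticationModule.FindUserAsync(normalizedUsername) != null;
    if (userExists)
    {
        return StatusCode((int)HttpStatusCode.InternalServerError, "User exists but could not be deleted");
    }

    return Ok();
}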