views: 27
answers: 3

I have a small website with about 10 members. 5 of those are now banned.

I have ensured that they cannot login through the login page.

However because the authentication cookie is persistent and is set to expire after a few months if they return to the site they will still be logged in.

A simple solution is just to expire all authentication tickets/cookies.

How to do that?

+1  A: 

You can add a field in the database called IsBanned. When the user is banned, IsBanned is true. If IsBanned is true then you do not allow the user to access the website.

azamsharp
A: 

Since you are using Forms authentication you can use the authorization setting in the web.config:

<system.web>
    <authorization>
      <deny users="user1,user2,user3"/>
    </authorization>
</system.web>

or if you are using a roles provider you could do

<system.web>
    <authorization>
      <deny roles="banned"/>
    </authorization>
</system.web>

Rob
A: 

Cookies are meant for authentication not for authorization.

From Wikipedia:

The process of authorization is sometimes mistakenly thought to be the same as authentication; many widely adopted standard security protocols, obligatory regulations, and even statutes make this error. However, authentication is the process of verifying a claim made by a subject that it should be allowed to act on behalf of a given principal (person, computer, process, etc.). Authorization, on the other hand, involves verifying that an authenticated subject has permission to perform certain operations or access specific resources. Authentication, therefore, must precede authorization.

If you are using Forms authentication then Rob's answer is the way to go. Otherwise you may need to implement it manually.

Sure, they can still be identified as users (banned, but users). But still, that shouldn't be enough to let them in.

As azamsharp posted, there has to be a way to tell users from banned users in the database, and not let them log in.

Then the banned users can still be authenticated (after they send the correct user and password) but not authorized (after they are detected as banned).

Carlos Muñoz
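The per-request check that the answers above describe (authenticate from the cookie, then refuse authorization if the account is banned), combined with the asker's wish to expire every existing ticket at once, can be done with one IHttpModule in ASP.NET Forms authentication. This is an added example written for this thread, not code from any of the posters or from ASP.NET itself. It assumes .NET Framework's System.Web; the `IsBanned` delegate and the `TicketsValidFrom` cutoff are hypothetical names standing in for your own database lookup and a stored "invalidate everything issued before" timestamp.

```csharp
// Added example for this thread (not from the original posts).
// Assumes ASP.NET Forms authentication on .NET Framework (System.Web).
using System;
using System.Web;
using System.Web.Security;

public class BannedUserModule : IHttpModule
{
    // Hypothetical: any ticket issued before this instant is rejected. Setting it
    // to DateTime.Now logs out every user at once, persistent cookies included,
    // without touching the machineKey. Persist it in your database in practice.
    public static DateTime TicketsValidFrom = DateTime.MinValue;

    // Hypothetical lookup; replace with a query of an IsBanned column, as
    // azamsharp's answer suggests.
    public static Func<string, bool> IsBanned = userName => false;

    public void Init(HttpApplication app)
    {
        // Runs after FormsAuthenticationModule has read the cookie and set
        // context.User, but before the page (or UrlAuthorizationModule) executes.
        app.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    private void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        var context = ((HttpApplication)sender).Context;
        if (!context.Request.IsAuthenticated) return;

        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        string encryptedTicket = cookie == null ? null : cookie.Value;

        if (ShouldReject(encryptedTicket, context.User.Identity.Name))
        {
            // Overwrites the persistent cookie on the client with an expired one,
            // then sends the user to the login page. The login page itself must
            // still refuse banned accounts, as the question already does.
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
        }
    }

    // Decision logic kept separate from the pipeline plumbing so it can be unit
    // tested: reject when the account is banned, the ticket is missing/invalid/
    // expired, or the ticket predates the global cutoff.
    public static bool ShouldReject(string encryptedTicket, string userName)
    {
        if (IsBanned(userName)) return true;
        if (string.IsNullOrEmpty(encryptedTicket)) return true;

        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(encryptedTicket);
        }
        catch (Exception)
        {
            // Tampered or undecryptable ticket: treat as unauthenticated.
            return true;
        }

        if (ticket == null || ticket.Expired) return true;
        return ticket.IssueDate < TicketsValidFrom;
    }

    public void Dispose() { }
}
```

Register the module in web.config (under `<system.web><httpModules>` for classic pipeline mode, or `<system.webServer><modules>` for IIS integrated mode) so it runs on every request. Rob's `<deny users="...">` setting does the same authorization step declaratively for a fixed list of names; the module version is for when the ban list lives in the database, and it adds the issue-date cutoff so that a single stored timestamp invalidates every ticket handed out before the ban, which is what the question asked for.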