Asp.net core force user to confirm email

Question

Like in the title I am trying to force the user to confirm the email before let him log in. I was doing things according to Microsoft tutorial and there was wrote that I have to add

o.SignIn.RequireConfirmedEmail = true;

what I have done but it do not block me to log in even I did not confirm my email

 services.AddIdentity<Company, IdentityRole>
      (o =>
      {
        // configure identity options
        o.Password.RequireDigit = false;
        o.Password.RequireLowercase = false;
        o.Password.RequireUppercase = false;
        o.Password.RequireNonAlphanumeric = false;
        o.Password.RequiredLength = 6;
        o.SignIn.RequireConfirmedEmail = true;
        o.Tokens.EmailConfirmationTokenProvider = EmailConfirmationTokenProviderName;
      })
      .AddEntityFrameworkStores<ShopContext>()
      .AddTokenProvider<ConfirmEmailDataProtectorTokenProvider<Company>>(EmailConfirmationTokenProviderName);

I am using jwt tokens authentication have I do something more in this case than things which I show?

Answer 1

Add checking if account is confirmed in start of Login action

var user = await _userManager.FindByEmailAsync(model.Email);
        if (user != null)
        {
            if (!await _userManager.IsEmailConfirmedAsync(user))
            {
                ModelState.AddModelError(string.Empty, 
                              "You must have a confirmed email to log in.");
                return View(model);
            }
        }

Also remember about prevent newly registered users from being automatically logged by comment await _signInManager.SignInAsync(user, isPersistent: false); in Register action

For more read official docs