I have configured my Identity like this:

    services.AddIdentity<AppUser, IdentityRole>(
            opts =>
            {
                opts.SignIn.RequireConfirmedEmail = true;
                opts.Password.RequireDigit = true;
                opts.Password.RequireLowercase = true;
                opts.Password.RequireUppercase = true;
                opts.Password.RequireNonAlphanumeric = false;
                opts.Password.RequiredLength = 7;
            })
        .AddEntityFrameworkStores<MyDbContext>()
        .AddDefaultTokenProviders();

I expect users whose email is not yet confirmed to be unable to log in to the system, since I have already set SignIn.RequireConfirmedEmail = true;. But when I run the application I can log in with both kinds of users: those whose email is confirmed and those whose email is not confirmed. So why is SignIn.RequireConfirmedEmail = true; not working in this case? Is there any other config that I need to do?

EDIT: I just realized that I didn't check for Email confirmation in my Login method, something like this:

if (!await _userManager.IsEmailConfirmedAsync(user))

So the main question: is the above line necessary even if I have already set SignIn.RequireConfirmedEmail = true;? I mean, isn't SignIn.RequireConfirmedEmail = true; enough? If it is not enough, what is its usage at all?
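
An added example, not code from the original post: SignInOptions such as RequireConfirmedEmail are evaluated by SignInManager.CanSignInAsync, which PasswordSignInAsync and CheckPasswordSignInAsync call, while UserManager.CheckPasswordAsync followed by SignInManager.SignInAsync skips that check. The post does not show its Login method, so the bypass pattern in the comment is an assumption, and AccountController, LoginModel and the redirect target are hypothetical names.

```csharp
// Added example (not the poster's code). AppUser stands in for the question's
// user type; AccountController, LoginModel and "Home/Index" are hypothetical.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class AppUser : IdentityUser { }

public class LoginModel
{
    public string Email { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    private readonly UserManager<AppUser> _userManager;
    private readonly SignInManager<AppUser> _signInManager;

    public AccountController(UserManager<AppUser> userManager, SignInManager<AppUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginModel model)
    {
        var user = await _userManager.FindByEmailAsync(model.Email);
        if (user == null)
            return Unauthorized();   // same response as a wrong password

        // Assumed bypass pattern: neither call below runs CanSignInAsync,
        // so RequireConfirmedEmail is never consulted.
        //   if (await _userManager.CheckPasswordAsync(user, model.Password))
        //       await _signInManager.SignInAsync(user, isPersistent: false);

        // PasswordSignInAsync runs CanSignInAsync before it checks the password.
        var result = await _signInManager.PasswordSignInAsync(
            user, model.Password, isPersistent: false, lockoutOnFailure: true);

        if (result.Succeeded) return RedirectToAction("Index", "Home");
        // IsNotAllowed (unconfirmed email) is returned even for a wrong password,
        // so answer it like any other failure to avoid revealing account state.
        return Unauthorized();
    }
}
```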
