I am using the template asp.net/vb.net web forms application with individual user accounts in VS 2017. I have it setup for email verification and that is working fine. However, although the user receives a verification email upon registration, they are still allowed to stay logged in without clicking the link in the verification email. The only thing that they can't do without verifying their email is get a password recovery email or change their password. I would like to be able force them to verify their email before remaining logged into the site.
I assume that I need to make changes to the code below, but I cannot figure out how/what to change.
Protected Sub LogIn(sender As Object, e As EventArgs)
If IsValid Then
' Validate the user password
Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)()
Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()
' This doesn't count login failures towards account lockout
' To enable password failures to trigger lockout, change to shouldLockout := True
Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout := False)
Select Case result
Case SignInStatus.Success
IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
Exit Select
Case SignInStatus.LockedOut
Response.Redirect("/Account/Lockout")
Exit Select
Case SignInStatus.RequiresVerification
Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
Request.QueryString("ReturnUrl"),
RememberMe.Checked),
True)
Exit Select
Case Else
FailureText.Text = "Invalid login attempt"
ErrorMessage.Visible = True
Exit Select
End Select
End If
End Sub