Welcome to the club of people looking for permanently disabling a user.
We have used different versions of Identity going back about a decade, the method we ended up with was going custom; adding a
AccountLocked [bit]
field to the db schema.
We do have an
Admin interface to manage all of the users, so this method was not too hard to add in. It also would be easy to set the Lockout Time to some really far into the future date as well.
The NuGet package has a recent discussion on this; and it appears that this method is what they are considering for the future:
What is considered best practice for disabling / deactivating users? · Issue #1858[
^]