This article seems to talk about one way to do this:
http://www.amergerzic.com/post/AccessEmailConfirmation.aspx[
^]
It's fairly trivial to roll your own solution though:
1) User signs up
2) You create a unique token associated with the user
3) Email him a link with the unique token in the url querystring
4) The Url basically updates a flag in the database saying the user is now confirmed (or rather his email is confirmed)
Whenever the user signs in, this flag is checked first to make sure only users with confirmed emails can login successfully.