From 391713b84dc960fe76c958c6c886e10d7198fa76 Mon Sep 17 00:00:00 2001
From: Shaun Walker <shaun.walker@siliqon.com>
Date: Wed, 20 Apr 2022 16:00:58 -0400
Subject: [PATCH] Fix #2144 - install issue, Fix #2146 - move file issue,
 require verification of external login account linkage

---
 Oqtane.Client/Modules/Admin/Login/Index.razor | 39 +++++++++---
 .../Resources/Modules/Admin/Login/Index.resx  | 28 ++++++++-
 Oqtane.Client/Services/AliasService.cs        | 10 +--
 Oqtane.Client/Services/DatabaseService.cs     | 10 +--
 Oqtane.Client/Services/FileService.cs         |  6 +-
 Oqtane.Client/Services/FolderService.cs       |  9 +--
 Oqtane.Client/Services/InstallationService.cs |  2 +-
 .../Services/Interfaces/IUserService.cs       | 13 ++++
 Oqtane.Client/Services/JobLogService.cs       |  9 +--
 Oqtane.Client/Services/JobService.cs          |  9 +--
 Oqtane.Client/Services/LanguageService.cs     | 12 +---
 Oqtane.Client/Services/LocalizationService.cs |  9 +--
 Oqtane.Client/Services/LogService.cs          |  6 +-
 .../Services/ModuleDefinitionService.cs       | 11 +---
 Oqtane.Client/Services/ModuleService.cs       | 10 +--
 Oqtane.Client/Services/NotificationService.cs |  9 +--
 Oqtane.Client/Services/PackageService.cs      |  8 +--
 Oqtane.Client/Services/PageModuleService.cs   | 10 +--
 Oqtane.Client/Services/PageService.cs         | 11 +---
 Oqtane.Client/Services/ProfileService.cs      | 10 +--
 Oqtane.Client/Services/RoleService.cs         | 11 +---
 Oqtane.Client/Services/SettingService.cs      | 10 +--
 Oqtane.Client/Services/SiteService.cs         | 10 +--
 Oqtane.Client/Services/SiteTemplateService.cs |  8 +--
 Oqtane.Client/Services/SqlService.cs          |  9 +--
 Oqtane.Client/Services/SyncService.cs         | 13 +---
 Oqtane.Client/Services/SystemService.cs       |  9 +--
 Oqtane.Client/Services/TenantService.cs       |  9 +--
 Oqtane.Client/Services/ThemeService.cs        |  9 +--
 Oqtane.Client/Services/UrlMappingService.cs   | 11 +---
 Oqtane.Client/Services/UserRoleService.cs     | 10 +--
 Oqtane.Client/Services/UserService.cs         | 15 ++---
 Oqtane.Client/Services/VisitorService.cs      | 11 +---
 Oqtane.Server/Controllers/FileController.cs   |  1 +
 Oqtane.Server/Controllers/UserController.cs   | 38 ++++++++++-
 ...taneSiteAuthenticationBuilderExtensions.cs | 63 +++++++++++++------
 Oqtane.Server/Pages/Login.cshtml.cs           |  1 -
 Oqtane.Server/Security/PrincipalValidator.cs  |  4 +-
 Oqtane.Server/Startup.cs                      |  4 +-
 Oqtane.Shared/Enums/ExternalLoginStatus.cs    | 13 ++++
 40 files changed, 234 insertions(+), 256 deletions(-)
 create mode 100644 Oqtane.Shared/Enums/ExternalLoginStatus.cs

diff --git a/Oqtane.Client/Modules/Admin/Login/Index.razor b/Oqtane.Client/Modules/Admin/Login/Index.razor
index f6f11fcf..c8e61d38 100644
--- a/Oqtane.Client/Modules/Admin/Login/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Login/Index.razor
@@ -117,22 +117,47 @@
 				_username = PageState.QueryString["name"];
 			}
 
-			if (PageState.QueryString.ContainsKey("token"))
+			if (PageState.QueryString.ContainsKey("token") && !string.IsNullOrEmpty(_username))
 			{
 				var user = new User();
 				user.SiteId = PageState.Site.SiteId;
 				user.Username = _username;
-				user = await UserService.VerifyEmailAsync(user, PageState.QueryString["token"]);
 
-				if (user != null)
+				if (PageState.QueryString.ContainsKey("key"))
 				{
-					await logger.LogInformation(LogFunction.Security, "Email Verified For For Username {Username}", _username);
-					AddModuleMessage(Localizer["Success.Account.Verified"], MessageType.Info);						
+					user = await UserService.LinkUserAsync(user, PageState.QueryString["token"], PageState.Site.Settings["ExternalLogin:ProviderType"], PageState.QueryString["key"], PageState.Site.Settings["ExternalLogin:ProviderName"]);
+					if (user != null)
+					{
+						await logger.LogInformation(LogFunction.Security, "External Login Linkage Successful For Username {Username}", _username);
+						AddModuleMessage(Localizer["Success.Account.Linked"], MessageType.Info);						
+					}
+					else
+					{
+						await logger.LogError(LogFunction.Security, "External Login Linkage Failed For Username {Username}", _username);
+						AddModuleMessage(Localizer["Message.Account.NotLinked"], MessageType.Warning);						
+					}
+					_username = "";
 				}
 				else
 				{
-					await logger.LogError(LogFunction.Security, "Email Verification Failed For Username {Username}", _username);
-					AddModuleMessage(Localizer["Message.Account.NotVerfied"], MessageType.Warning);						
+					user = await UserService.VerifyEmailAsync(user, PageState.QueryString["token"]);
+					if (user != null)
+					{
+						await logger.LogInformation(LogFunction.Security, "Email Verified For For Username {Username}", _username);
+						AddModuleMessage(Localizer["Success.Account.Verified"], MessageType.Info);						
+					}
+					else
+					{
+						await logger.LogError(LogFunction.Security, "Email Verification Failed For Username {Username}", _username);
+						AddModuleMessage(Localizer["Message.Account.NotVerified"], MessageType.Warning);						
+					}
+				}
+			}
+			else
+			{
+				if (PageState.QueryString.ContainsKey("status"))
+				{
+					AddModuleMessage(Localizer["ExternalLoginStatus." + PageState.QueryString["status"]], MessageType.Info);
 				}
 			}
 		}
diff --git a/Oqtane.Client/Resources/Modules/Admin/Login/Index.resx b/Oqtane.Client/Resources/Modules/Admin/Login/Index.resx
index 33c9fb60..af56fc05 100644
--- a/Oqtane.Client/Resources/Modules/Admin/Login/Index.resx
+++ b/Oqtane.Client/Resources/Modules/Admin/Login/Index.resx
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
   <!-- 
     Microsoft ResX Schema 
@@ -123,9 +123,15 @@
   <data name="Success.Account.Verified" xml:space="preserve">
     <value>User Account Verified Successfully. You Can Now Login With Your Username And Password Below.</value>
   </data>
-  <data name="Message.Account.NotVerfied" xml:space="preserve">
+  <data name="Message.Account.NotVerified" xml:space="preserve">
     <value>User Account Could Not Be Verified. Please Contact Your Administrator For Further Instructions.</value>
   </data>
+  <data name="Success.Account.Linked" xml:space="preserve">
+    <value>User Account Linked Successfully. You Can Now Login With Your External Login Below.</value>
+  </data>
+  <data name="Message.Account.NotLinked" xml:space="preserve">
+    <value>External Login Could Not Be Linked. Please Contact Your Administrator For Further Instructions.</value>
+  </data>
   <data name="Error.Login.Fail" xml:space="preserve">
     <value>Login Failed. Please Remember That Passwords Are Case Sensitive. If You Have Attempted To Sign In Multiple Times Unsuccessfully, Your Account Will Be Locked Out For A Period Of Time. Note That User Accounts Require Verification When They Are Initially Created So You May Wish To Check Your Email If You Are A New User.</value>
   </data>
@@ -201,4 +207,22 @@
   <data name="Error.ResetPassword" xml:space="preserve">
     <value>Error Resetting Password</value>
   </data>
+  <data name="ExternalLoginStatus.DuplicateEmail" xml:space="preserve">
+    <value>Multiple User Accounts Already Exist With The Email Address Of Your External Login. Please Contact Your Administrator For Further Instructions.</value>
+  </data>
+  <data name="ExternalLoginStatus.InvalidEmail" xml:space="preserve">
+    <value>The External Login Provider Did Not Provide A Valid Email Address For Your Account. Please Contact Your Administrator For Further Instructions.</value>
+  </data>
+  <data name="ExternalLoginStatus.ProviderKeyMismatch" xml:space="preserve">
+    <value>An Error Occurred Verifying Your External Login. Please Contact Your Administrator For Further Instructions.</value>
+  </data>
+  <data name="ExternalLoginStatus.UserDoesNotExist" xml:space="preserve">
+    <value>A User Account Matching The Email Address Of Your External Login Does Not Exist. Please Contact Your Administrator For Further Instructions.</value>
+  </data>
+  <data name="ExternalLoginStatus.UserNotCreated" xml:space="preserve">
+    <value>A User Account Could Not Be Created For Your External Login. Please Contact Your Administrator For Further Instructions.</value>
+  </data>
+  <data name="ExternalLoginStatus.VerificationRequired" xml:space="preserve">
+    <value>In Order To Link Your External Login With Your User Account You Must Verify Your Identity. Please Check Your Email For Further Instructions.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/Oqtane.Client/Services/AliasService.cs b/Oqtane.Client/Services/AliasService.cs
index 891c5a08..c2e59799 100644
--- a/Oqtane.Client/Services/AliasService.cs
+++ b/Oqtane.Client/Services/AliasService.cs
@@ -12,18 +12,12 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class AliasService : ServiceBase, IAliasService
     {
-
-        private readonly SiteState _siteState;
-
         /// <summary>
         /// Constructor - should only be used by Dependency Injection
         /// </summary>
-        public AliasService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
+        public AliasService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        private string ApiUrl => CreateApiUrl("Alias", _siteState.Alias);
+        private string ApiUrl => CreateApiUrl("Alias");
 
         /// <inheritdoc />
         public async Task<List<Alias>> GetAliasesAsync()
diff --git a/Oqtane.Client/Services/DatabaseService.cs b/Oqtane.Client/Services/DatabaseService.cs
index 81c93248..bfa06865 100644
--- a/Oqtane.Client/Services/DatabaseService.cs
+++ b/Oqtane.Client/Services/DatabaseService.cs
@@ -11,15 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class DatabaseService : ServiceBase, IDatabaseService
     {
+        public DatabaseService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        private readonly SiteState _siteState;
-
-        public DatabaseService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Database", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Database");
 
         public async Task<List<Database>> GetDatabasesAsync()
         {
diff --git a/Oqtane.Client/Services/FileService.cs b/Oqtane.Client/Services/FileService.cs
index 84932e19..3a224cc4 100644
--- a/Oqtane.Client/Services/FileService.cs
+++ b/Oqtane.Client/Services/FileService.cs
@@ -14,16 +14,14 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class FileService : ServiceBase, IFileService
     {
-        private readonly SiteState _siteState;
         private readonly IJSRuntime _jsRuntime;
 
-        public FileService(HttpClient http, SiteState siteState, IJSRuntime jsRuntime) : base(http)
+        public FileService(HttpClient http, SiteState siteState, IJSRuntime jsRuntime) : base(http, siteState)
         {
-            _siteState = siteState;
             _jsRuntime = jsRuntime;
         }
 
-        private string Apiurl => CreateApiUrl("File", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("File");
 
         public async Task<List<File>> GetFilesAsync(int folderId)
         {
diff --git a/Oqtane.Client/Services/FolderService.cs b/Oqtane.Client/Services/FolderService.cs
index 653fab23..6375d9a6 100644
--- a/Oqtane.Client/Services/FolderService.cs
+++ b/Oqtane.Client/Services/FolderService.cs
@@ -14,14 +14,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class FolderService : ServiceBase, IFolderService
     {
-        private readonly SiteState _siteState;
+        public FolderService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public FolderService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string ApiUrl => CreateApiUrl("Folder", _siteState.Alias);
+        private string ApiUrl => CreateApiUrl("Folder");
 
         public async Task<List<Folder>> GetFoldersAsync(int siteId)
         {
diff --git a/Oqtane.Client/Services/InstallationService.cs b/Oqtane.Client/Services/InstallationService.cs
index 44441fe8..4659d9f6 100644
--- a/Oqtane.Client/Services/InstallationService.cs
+++ b/Oqtane.Client/Services/InstallationService.cs
@@ -15,7 +15,7 @@ namespace Oqtane.Services
         private readonly NavigationManager _navigationManager;
         private readonly SiteState _siteState;
 
-        public InstallationService(HttpClient http, NavigationManager navigationManager, SiteState siteState) : base(http)
+        public InstallationService(HttpClient http, SiteState siteState, NavigationManager navigationManager) : base(http, siteState)
         {
             _navigationManager = navigationManager;
             _siteState = siteState;
diff --git a/Oqtane.Client/Services/Interfaces/IUserService.cs b/Oqtane.Client/Services/Interfaces/IUserService.cs
index a3f51ebf..f56d7bad 100644
--- a/Oqtane.Client/Services/Interfaces/IUserService.cs
+++ b/Oqtane.Client/Services/Interfaces/IUserService.cs
@@ -115,5 +115,18 @@ namespace Oqtane.Services
         /// </summary>
         /// <returns></returns>
         Task<string> GetPersonalAccessTokenAsync();
+
+        /// <summary>
+        /// Link an external login with a local user account
+        /// </summary>
+        /// <param name="user">The <see cref="User"/> we're verifying</param>
+        /// <param name="token">A Hash value in the URL which verifies this user got the e-mail (containing this token)</param>
+        /// <param name="type">External Login provider type</param>
+        /// <param name="key">External Login provider key</param>
+        /// <param name="name">External Login provider display name</param>
+        /// <returns></returns>
+        Task<User> LinkUserAsync(User user, string token, string type, string key, string name);
+
+
     }
 }
diff --git a/Oqtane.Client/Services/JobLogService.cs b/Oqtane.Client/Services/JobLogService.cs
index 6c2f0a73..04c9c534 100644
--- a/Oqtane.Client/Services/JobLogService.cs
+++ b/Oqtane.Client/Services/JobLogService.cs
@@ -11,14 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class JobLogService : ServiceBase, IJobLogService
     {
-        private readonly SiteState _siteState;
+        public JobLogService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public JobLogService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("JobLog", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("JobLog");
 
         public async Task<List<JobLog>> GetJobLogsAsync()
         {
diff --git a/Oqtane.Client/Services/JobService.cs b/Oqtane.Client/Services/JobService.cs
index f4fdc281..edb43485 100644
--- a/Oqtane.Client/Services/JobService.cs
+++ b/Oqtane.Client/Services/JobService.cs
@@ -11,14 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class JobService : ServiceBase, IJobService
     {
-        private readonly SiteState _siteState;
+        public JobService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public JobService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Job", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Job");
         
         public async Task<List<Job>> GetJobsAsync()
         {
diff --git a/Oqtane.Client/Services/LanguageService.cs b/Oqtane.Client/Services/LanguageService.cs
index dc8ff89b..d9657420 100644
--- a/Oqtane.Client/Services/LanguageService.cs
+++ b/Oqtane.Client/Services/LanguageService.cs
@@ -10,16 +10,10 @@ namespace Oqtane.Services
 {
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class LanguageService : ServiceBase, ILanguageService
-    {
-        
-        private readonly SiteState _siteState;
+    {        
+        public LanguageService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public LanguageService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Language", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Language");
 
         public async Task<List<Language>> GetLanguagesAsync(int siteId)
         {
diff --git a/Oqtane.Client/Services/LocalizationService.cs b/Oqtane.Client/Services/LocalizationService.cs
index d0603997..8b45a49d 100644
--- a/Oqtane.Client/Services/LocalizationService.cs
+++ b/Oqtane.Client/Services/LocalizationService.cs
@@ -10,14 +10,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class LocalizationService : ServiceBase, ILocalizationService
     {
-        private readonly SiteState _siteState;
+        public LocalizationService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public LocalizationService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Localization", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Localization");
 
         public async Task<IEnumerable<Culture>> GetCulturesAsync() => await GetJsonAsync<IEnumerable<Culture>>(Apiurl);
     }
diff --git a/Oqtane.Client/Services/LogService.cs b/Oqtane.Client/Services/LogService.cs
index 8b158cb2..e575694e 100644
--- a/Oqtane.Client/Services/LogService.cs
+++ b/Oqtane.Client/Services/LogService.cs
@@ -14,18 +14,16 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class LogService : ServiceBase, ILogService
     {
-        
         private readonly SiteState _siteState;
         private readonly NavigationManager _navigationManager;
 
-        public LogService(HttpClient http, SiteState siteState, NavigationManager navigationManager) : base(http)
+        public LogService(HttpClient http, SiteState siteState, NavigationManager navigationManager) : base(http, siteState)
         {
-            
             _siteState = siteState;
             _navigationManager = navigationManager;
         }
 
-        private string Apiurl => CreateApiUrl("Log", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Log");
 
         public async Task<List<Log>> GetLogsAsync(int siteId, string level, string function, int rows)
         {
diff --git a/Oqtane.Client/Services/ModuleDefinitionService.cs b/Oqtane.Client/Services/ModuleDefinitionService.cs
index 202aa90d..3416e25b 100644
--- a/Oqtane.Client/Services/ModuleDefinitionService.cs
+++ b/Oqtane.Client/Services/ModuleDefinitionService.cs
@@ -14,16 +14,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class ModuleDefinitionService : ServiceBase, IModuleDefinitionService
     {
-        private readonly HttpClient _http;
-        private readonly SiteState _siteState;
+        public ModuleDefinitionService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public ModuleDefinitionService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _http = http;
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("ModuleDefinition", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("ModuleDefinition");
 
         public async Task<List<ModuleDefinition>> GetModuleDefinitionsAsync(int siteId)
         {
diff --git a/Oqtane.Client/Services/ModuleService.cs b/Oqtane.Client/Services/ModuleService.cs
index 01ec03c5..70d47d45 100644
--- a/Oqtane.Client/Services/ModuleService.cs
+++ b/Oqtane.Client/Services/ModuleService.cs
@@ -11,15 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class ModuleService : ServiceBase, IModuleService
     {
-        
-        private readonly SiteState _siteState;
+        public ModuleService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public ModuleService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Module", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Module");
 
         public async Task<List<Module>> GetModulesAsync(int siteId)
         {
diff --git a/Oqtane.Client/Services/NotificationService.cs b/Oqtane.Client/Services/NotificationService.cs
index ce710da5..3368ff0b 100644
--- a/Oqtane.Client/Services/NotificationService.cs
+++ b/Oqtane.Client/Services/NotificationService.cs
@@ -11,14 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class NotificationService : ServiceBase, INotificationService
     {
-        private readonly SiteState _siteState;
+        public NotificationService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public NotificationService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Notification", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Notification");
 
         public async Task<List<Notification>> GetNotificationsAsync(int siteId, string direction, int userId)
         {
diff --git a/Oqtane.Client/Services/PackageService.cs b/Oqtane.Client/Services/PackageService.cs
index e0dad5b0..a45c73e6 100644
--- a/Oqtane.Client/Services/PackageService.cs
+++ b/Oqtane.Client/Services/PackageService.cs
@@ -12,13 +12,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class PackageService : ServiceBase, IPackageService
     {
-        private readonly SiteState _siteState;
+        public PackageService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public PackageService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-        private string Apiurl => CreateApiUrl("Package", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Package");
 
         public async Task<List<Package>> GetPackagesAsync(string type)
         {
diff --git a/Oqtane.Client/Services/PageModuleService.cs b/Oqtane.Client/Services/PageModuleService.cs
index 4ed4fa1a..c9ebc19a 100644
--- a/Oqtane.Client/Services/PageModuleService.cs
+++ b/Oqtane.Client/Services/PageModuleService.cs
@@ -9,15 +9,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class PageModuleService : ServiceBase, IPageModuleService
     {
-        
-        private readonly SiteState _siteState;
+        public PageModuleService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public PageModuleService(HttpClient http, SiteState siteState) : base(http)
-        {            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("PageModule", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("PageModule");
 
         public async Task<PageModule> GetPageModuleAsync(int pageModuleId)
         {
diff --git a/Oqtane.Client/Services/PageService.cs b/Oqtane.Client/Services/PageService.cs
index a1030848..e9d7991d 100644
--- a/Oqtane.Client/Services/PageService.cs
+++ b/Oqtane.Client/Services/PageService.cs
@@ -13,16 +13,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class PageService : ServiceBase, IPageService
     {
-        
-        private readonly SiteState _siteState;
+        public PageService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public PageService(HttpClient http, SiteState siteState) : base(http)
-        {
-            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Page", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Page");
 
         public async Task<List<Page>> GetPagesAsync(int siteId)
         {
diff --git a/Oqtane.Client/Services/ProfileService.cs b/Oqtane.Client/Services/ProfileService.cs
index e19069f7..5f0f1080 100644
--- a/Oqtane.Client/Services/ProfileService.cs
+++ b/Oqtane.Client/Services/ProfileService.cs
@@ -11,15 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class ProfileService : ServiceBase, IProfileService
     {
-        
-        private readonly SiteState _siteState;
+        public ProfileService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public ProfileService(HttpClient http, SiteState siteState) : base(http)
-        {            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Profile", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Profile");
 
         public async Task<List<Profile>> GetProfilesAsync(int siteId)
         {
diff --git a/Oqtane.Client/Services/RoleService.cs b/Oqtane.Client/Services/RoleService.cs
index 4b4fa607..6215c51d 100644
--- a/Oqtane.Client/Services/RoleService.cs
+++ b/Oqtane.Client/Services/RoleService.cs
@@ -11,16 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class RoleService : ServiceBase, IRoleService
     {
-        
-        private readonly SiteState _siteState;
+        public RoleService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public RoleService(HttpClient http, SiteState siteState) : base(http)
-        {
-            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Role", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Role");
 
         public async Task<List<Role>> GetRolesAsync(int siteId)
         {
diff --git a/Oqtane.Client/Services/SettingService.cs b/Oqtane.Client/Services/SettingService.cs
index b87c7dfe..13177055 100644
--- a/Oqtane.Client/Services/SettingService.cs
+++ b/Oqtane.Client/Services/SettingService.cs
@@ -12,15 +12,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class SettingService : ServiceBase, ISettingService
     {
-        
-        private readonly SiteState _siteState;
+        public SettingService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public SettingService(HttpClient http, SiteState siteState) : base(http)
-        {            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Setting", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Setting");
 
         public async Task<Dictionary<string, string>> GetTenantSettingsAsync()
         {
diff --git a/Oqtane.Client/Services/SiteService.cs b/Oqtane.Client/Services/SiteService.cs
index d9320318..1aa8a659 100644
--- a/Oqtane.Client/Services/SiteService.cs
+++ b/Oqtane.Client/Services/SiteService.cs
@@ -12,15 +12,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class SiteService : ServiceBase, ISiteService
     {
-        
-        private readonly SiteState _siteState;
+        public SiteService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public SiteService(HttpClient http, SiteState siteState) : base(http)
-        {            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Site", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Site");
 
         public async Task<List<Site>> GetSitesAsync()
         {
diff --git a/Oqtane.Client/Services/SiteTemplateService.cs b/Oqtane.Client/Services/SiteTemplateService.cs
index 300fa1c2..1e6d5c3c 100644
--- a/Oqtane.Client/Services/SiteTemplateService.cs
+++ b/Oqtane.Client/Services/SiteTemplateService.cs
@@ -11,13 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class SiteTemplateService : ServiceBase, ISiteTemplateService
     {
-        private readonly SiteState _siteState;
+        public SiteTemplateService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public SiteTemplateService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-        private string Apiurl => CreateApiUrl("SiteTemplate", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("SiteTemplate");
 
         public async Task<List<SiteTemplate>> GetSiteTemplatesAsync()
         {
diff --git a/Oqtane.Client/Services/SqlService.cs b/Oqtane.Client/Services/SqlService.cs
index 00319953..403de7fd 100644
--- a/Oqtane.Client/Services/SqlService.cs
+++ b/Oqtane.Client/Services/SqlService.cs
@@ -9,14 +9,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class SqlService : ServiceBase, ISqlService
     {
-        private readonly SiteState _siteState;
+        public SqlService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public SqlService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Sql", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Sql");
 
         public async Task<SqlQuery> ExecuteQueryAsync(SqlQuery sqlquery)
         {
diff --git a/Oqtane.Client/Services/SyncService.cs b/Oqtane.Client/Services/SyncService.cs
index 45d2cfca..6f60d176 100644
--- a/Oqtane.Client/Services/SyncService.cs
+++ b/Oqtane.Client/Services/SyncService.cs
@@ -11,18 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class SyncService : ServiceBase, ISyncService
     {
+        public SyncService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        private readonly SiteState _siteState;
-
-        /// <summary>
-        /// Constructor - should only be used by Dependency Injection
-        /// </summary>
-        public SyncService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string ApiUrl => CreateApiUrl("Sync", _siteState.Alias);
+        private string ApiUrl => CreateApiUrl("Sync");
 
         /// <inheritdoc />
         public async Task<Sync> GetSyncAsync(DateTime lastSyncDate)
diff --git a/Oqtane.Client/Services/SystemService.cs b/Oqtane.Client/Services/SystemService.cs
index 6bc5a880..41605da2 100644
--- a/Oqtane.Client/Services/SystemService.cs
+++ b/Oqtane.Client/Services/SystemService.cs
@@ -9,14 +9,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class SystemService : ServiceBase, ISystemService
     {
-        private readonly SiteState _siteState;
+        public SystemService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public SystemService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("System", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("System");
 
         public async Task<Dictionary<string, object>> GetSystemInfoAsync()
         {
diff --git a/Oqtane.Client/Services/TenantService.cs b/Oqtane.Client/Services/TenantService.cs
index 6c02b9a9..b6343e7a 100644
--- a/Oqtane.Client/Services/TenantService.cs
+++ b/Oqtane.Client/Services/TenantService.cs
@@ -11,14 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class TenantService : ServiceBase, ITenantService
     {
-        private readonly SiteState _siteState;
+        public TenantService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public TenantService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Tenant", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Tenant");
 
         public async Task<List<Tenant>> GetTenantsAsync()
         {
diff --git a/Oqtane.Client/Services/ThemeService.cs b/Oqtane.Client/Services/ThemeService.cs
index 0874dd32..a62b779f 100644
--- a/Oqtane.Client/Services/ThemeService.cs
+++ b/Oqtane.Client/Services/ThemeService.cs
@@ -11,14 +11,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class ThemeService : ServiceBase, IThemeService
     {
-        private readonly SiteState _siteState;
+        public ThemeService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public ThemeService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string ApiUrl => CreateApiUrl("Theme", _siteState.Alias);
+        private string ApiUrl => CreateApiUrl("Theme");
 
         public async Task<List<Theme>> GetThemesAsync()
         {
diff --git a/Oqtane.Client/Services/UrlMappingService.cs b/Oqtane.Client/Services/UrlMappingService.cs
index 121e818b..55f381e3 100644
--- a/Oqtane.Client/Services/UrlMappingService.cs
+++ b/Oqtane.Client/Services/UrlMappingService.cs
@@ -12,16 +12,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class UrlMappingService : ServiceBase, IUrlMappingService
     {
-        
-        private readonly SiteState _siteState;
+        public UrlMappingService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public UrlMappingService(HttpClient http, SiteState siteState) : base(http)
-        {
-            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("UrlMapping", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("UrlMapping");
 
         public async Task<List<UrlMapping>> GetUrlMappingsAsync(int siteId, bool isMapped)
         {
diff --git a/Oqtane.Client/Services/UserRoleService.cs b/Oqtane.Client/Services/UserRoleService.cs
index 1bb35450..fad8205b 100644
--- a/Oqtane.Client/Services/UserRoleService.cs
+++ b/Oqtane.Client/Services/UserRoleService.cs
@@ -10,15 +10,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class UserRoleService : ServiceBase, IUserRoleService
     {
-        
-        private readonly SiteState _siteState;
+        public UserRoleService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public UserRoleService(HttpClient http, SiteState siteState) : base(http)
-        {            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("UserRole", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("UserRole");
 
         public async Task<List<UserRole>> GetUserRolesAsync(int siteId)
         {
diff --git a/Oqtane.Client/Services/UserService.cs b/Oqtane.Client/Services/UserService.cs
index c0b25edc..24440df5 100644
--- a/Oqtane.Client/Services/UserService.cs
+++ b/Oqtane.Client/Services/UserService.cs
@@ -10,14 +10,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class UserService : ServiceBase, IUserService
     {
-        private readonly SiteState _siteState;
+        public UserService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public UserService(HttpClient http, SiteState siteState) : base(http)
-        {
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("User", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("User");
 
         public async Task<User> GetUserAsync(int userId, int siteId)
         {
@@ -89,5 +84,11 @@ namespace Oqtane.Services
         {
             return await GetStringAsync($"{Apiurl}/personalaccesstoken");
         }
+
+        public async Task<User> LinkUserAsync(User user, string token, string type, string key, string name)
+        {
+            return await PostJsonAsync<User>($"{Apiurl}/link?token={token}&type={type}&key={key}&name={name}", user);
+        }
+
     }
 }
diff --git a/Oqtane.Client/Services/VisitorService.cs b/Oqtane.Client/Services/VisitorService.cs
index 730ca5d4..9febe7f9 100644
--- a/Oqtane.Client/Services/VisitorService.cs
+++ b/Oqtane.Client/Services/VisitorService.cs
@@ -12,16 +12,9 @@ namespace Oqtane.Services
     [PrivateApi("Don't show in the documentation, as everything should use the Interface")]
     public class VisitorService : ServiceBase, IVisitorService
     {
-        
-        private readonly SiteState _siteState;
+        public VisitorService(HttpClient http, SiteState siteState) : base(http, siteState) { }
 
-        public VisitorService(HttpClient http, SiteState siteState) : base(http)
-        {
-            
-            _siteState = siteState;
-        }
-
-        private string Apiurl => CreateApiUrl("Visitor", _siteState.Alias);
+        private string Apiurl => CreateApiUrl("Visitor");
 
         public async Task<List<Visitor>> GetVisitorsAsync(int siteId, DateTime fromDate)
         {
diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs
index 34c2ab2a..e13f770c 100644
--- a/Oqtane.Server/Controllers/FileController.cs
+++ b/Oqtane.Server/Controllers/FileController.cs
@@ -137,6 +137,7 @@ namespace Oqtane.Controllers
             {
                 if (File.Name != file.Name || File.FolderId != file.FolderId)
                 {
+                    file.Folder = _folders.GetFolder(file.FolderId);
                     string folderpath = _folders.GetFolderPath(file.Folder);
                     if (!Directory.Exists(folderpath))
                     {
diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs
index c7743fb8..bf29e842 100644
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@@ -203,7 +203,7 @@ namespace Oqtane.Controllers
                     else
                     {
                         string url = HttpContext.Request.Scheme + "://" + _tenantManager.GetAlias().Name;
-                        string body = "Dear " + user.DisplayName + ",\n\nA User Account Has Been Succesfully Created For You. Please Use The Following Link To Access The Site:\n\n" + url + "\n\nThank You!";
+                        string body = "Dear " + user.DisplayName + ",\n\nA User Account Has Been Successfully Created For You. Please Use The Following Link To Access The Site:\n\n" + url + "\n\nThank You!";
                         var notification = new Notification(user.SiteId, newUser, "User Account Notification", body);
                         _notifications.AddNotification(notification);
                     }
@@ -419,7 +419,7 @@ namespace Oqtane.Controllers
                     }
                     else
                     {
-                        _logger.Log(LogLevel.Error, this, LogFunction.Security, "Email Verification Failed For {Username} - Error {Error}", user.Username, result.Errors.ToString());
+                        _logger.Log(LogLevel.Error, this, LogFunction.Security, "Email Verification Failed For {Username} - Error {Error}", user.Username, string.Join(" ", result.Errors.ToList().Select(e => e.Description)));
                         user = null;
                     }
                 }
@@ -477,7 +477,7 @@ namespace Oqtane.Controllers
                     }
                     else
                     {
-                        _logger.Log(LogLevel.Error, this, LogFunction.Security, "Password Reset Failed For {Username} - Error {Error}", user.Username, result.Errors.ToString());
+                        _logger.Log(LogLevel.Information, this, LogFunction.Security, "Password Reset Failed For {Username} - Error {Error}", user.Username, string.Join(" ", result.Errors.ToList().Select(e => e.Description)));
                         user = null;
                     }
                 }
@@ -511,6 +511,38 @@ namespace Oqtane.Controllers
             return loginUser;
         }
 
+        // POST api/<controller>/link
+        [HttpPost("link")]
+        public async Task<User> Link([FromBody] User user, string token, string type, string key, string name)
+        {
+            if (ModelState.IsValid)
+            {
+                IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
+                if (identityuser != null && !string.IsNullOrEmpty(token))
+                {
+                    var result = await _identityUserManager.ConfirmEmailAsync(identityuser, token);
+                    if (result.Succeeded)
+                    {
+                        // make LoginProvider multi-tenant aware
+                        type += ":" + user.SiteId.ToString();
+                        await _identityUserManager.AddLoginAsync(identityuser, new UserLoginInfo(type, key, name));
+                        _logger.Log(LogLevel.Information, this, LogFunction.Security, "External Login Linkage Successful For {Username} And Provider {Provider}", user.Username, type);
+                    }
+                    else
+                    {
+                        _logger.Log(LogLevel.Error, this, LogFunction.Security, "External Login Linkage Failed For {Username} - Error {Error}", user.Username, string.Join(" ", result.Errors.ToList().Select(e => e.Description)));
+                        user = null;
+                    }
+                }
+            }
+            else
+            {
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "External Login Linkage Failed For {Username} And Token {Token}", user.Username, token);
+                user = null;
+            }
+            return user;
+        }
+
         // GET api/<controller>/validate/x
         [HttpGet("validate/{password}")]
         public async Task<bool> Validate(string password)
diff --git a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
index 6b22574a..65182b1d 100644
--- a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
@@ -18,6 +18,7 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Text.RegularExpressions;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using System.Net;
 
 namespace Oqtane.Extensions
 {
@@ -147,7 +148,13 @@ namespace Oqtane.Extensions
             }
 
             // login user
-            await LoginUser(email, context.HttpContext, context.Principal);
+            var status = await LoginUser(email, context.HttpContext, context.Principal);
+            if (status != ExternalLoginStatus.Success)
+            {
+                // redirect to login page and pass status
+                var alias = context.HttpContext.GetAlias();
+                context.Response.Redirect($"{alias.Path}/login?status={status}&returnurl={context.Properties.RedirectUri}", true);
+            };
         }
 
         private static async Task OnTokenValidated(TokenValidatedContext context)
@@ -157,7 +164,14 @@ namespace Oqtane.Extensions
             var email = context.Principal.FindFirstValue(emailClaimType);
 
             // login user
-            await LoginUser(email, context.HttpContext, context.Principal);
+            var status = await LoginUser(email, context.HttpContext, context.Principal);
+            if (status != ExternalLoginStatus.Success)
+            {
+                // redirect to login page and pass status
+                var alias = context.HttpContext.GetAlias();
+                context.Response.Redirect($"{alias.Path}/login?status={status}&returnurl={context.Properties.RedirectUri}", true);
+                context.HandleResponse();
+            }
         }
 
         private static Task OnAccessDenied(AccessDeniedContext context)
@@ -166,7 +180,7 @@ namespace Oqtane.Extensions
             _logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External Login Access Denied - User May Have Cancelled Their External Login Attempt");
             // redirect to login page
             var alias = context.HttpContext.GetAlias();
-            context.Response.Redirect(alias.Path + "/login?returnurl=" + context.Properties.RedirectUri, true);
+            context.Response.Redirect($"{alias.Path}/login?returnurl={context.Properties.RedirectUri}", true);
             context.HandleResponse();
             return Task.CompletedTask;
         }
@@ -177,20 +191,22 @@ namespace Oqtane.Extensions
             _logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "External Login Remote Failure - {Error}", context.Failure.Message);
             // redirect to login page
             var alias = context.HttpContext.GetAlias();
-            context.Response.Redirect(alias.Path + "/login", true);
+            context.Response.Redirect($"{alias.Path}/login", true);
             context.HandleResponse();
             return Task.CompletedTask;
         }
 
-        private static async Task LoginUser(string email, HttpContext httpContext, ClaimsPrincipal claimsPrincipal)
+        private static async Task<ExternalLoginStatus> LoginUser(string email, HttpContext httpContext, ClaimsPrincipal claimsPrincipal)
         {
             var _logger = httpContext.RequestServices.GetRequiredService<ILogManager>();
+            var status = ExternalLoginStatus.Success;
 
             if (EmailValid(email, httpContext.GetSiteSettings().GetValue("ExternalLogin:DomainFilter", "")))
             {
                 var _identityUserManager = httpContext.RequestServices.GetRequiredService<UserManager<IdentityUser>>();
                 var _users = httpContext.RequestServices.GetRequiredService<IUserRepository>();
                 var _userRoles = httpContext.RequestServices.GetRequiredService<IUserRoleRepository>();
+                var alias = httpContext.GetAlias();
                 var providerType = httpContext.GetSiteSettings().GetValue("ExternalLogin:ProviderType", "");
                 var providerName = httpContext.GetSiteSettings().GetValue("ExternalLogin:ProviderName", "");
                 var providerKey = claimsPrincipal.FindFirstValue(ClaimTypes.NameIdentifier);
@@ -215,6 +231,7 @@ namespace Oqtane.Extensions
                 {
                     if (duplicates)
                     {
+                        status = ExternalLoginStatus.DuplicateEmail;
                         _logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "Multiple Users Exist With Email Address {Email}. Login Denied.", email);
                     }
                     else
@@ -230,7 +247,7 @@ namespace Oqtane.Extensions
                             {
                                 user = new User
                                 {
-                                    SiteId = httpContext.GetAlias().SiteId,
+                                    SiteId = alias.SiteId,
                                     Username = email,
                                     DisplayName = email,
                                     Email = email,
@@ -242,7 +259,7 @@ namespace Oqtane.Extensions
                                 if (user != null)
                                 {
                                     var _notifications = httpContext.RequestServices.GetRequiredService<INotificationRepository>();
-                                    string url = httpContext.Request.Scheme + "://" + httpContext.GetAlias().Name;
+                                    string url = httpContext.Request.Scheme + "://" + alias.Name;
                                     string body = "You Recently Used An External Account To Sign In To Our Site.\n\n" + url + "\n\nThank You!";
                                     var notification = new Notification(user.SiteId, user, "User Account Notification", body);
                                     _notifications.AddNotification(notification);
@@ -254,16 +271,19 @@ namespace Oqtane.Extensions
                                 }
                                 else
                                 {
+                                    status = ExternalLoginStatus.UserNotCreated;
                                     _logger.Log(user.SiteId, LogLevel.Error, "ExternalLogin", Enums.LogFunction.Create, "Unable To Add User {Email}", email);
                                 }
                             }
                             else
                             {
+                                status = ExternalLoginStatus.UserNotCreated;
                                 _logger.Log(user.SiteId, LogLevel.Error, "ExternalLogin", Enums.LogFunction.Create, "Unable To Add Identity User {Email} {Error}", email, result.Errors.ToString());
                             }
                         }
                         else
                         {
+                            status = ExternalLoginStatus.UserDoesNotExist;
                             _logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "Creation Of New Users Is Disabled For This Site. User With Email Address {Email} Will First Need To Be Registered On The Site.", email);
                         }
                     }
@@ -271,7 +291,7 @@ namespace Oqtane.Extensions
                 else
                 {
                     var logins = await _identityUserManager.GetLoginsAsync(identityuser);
-                    var login = logins.FirstOrDefault(item => item.LoginProvider == providerType);
+                    var login = logins.FirstOrDefault(item => item.LoginProvider == (providerType + ":" + alias.SiteId.ToString()));
                     if (login != null)
                     {
                         if (login.ProviderKey == providerKey)
@@ -281,15 +301,23 @@ namespace Oqtane.Extensions
                         else
                         {
                             // provider keys do not match
+                            status = ExternalLoginStatus.ProviderKeyMismatch;
                             _logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "Provider Key Does Not Match For User {Username}. Login Denied.", identityuser.UserName);
                         }
                     }
                     else
                     {
-                        // add user login
-                        await _identityUserManager.AddLoginAsync(identityuser, new UserLoginInfo(providerType, providerKey, ""));
-                        user = _users.GetUser(identityuser.UserName);
-                        _logger.Log(user.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "External User Login Added For {Email} Using Provider {Provider}", email, providerName);
+                        // new external login using existing user account - verification required
+                        var _notifications = httpContext.RequestServices.GetRequiredService<INotificationRepository>();
+                        string token = await _identityUserManager.GenerateEmailConfirmationTokenAsync(identityuser);
+                        string url = httpContext.Request.Scheme + "://" + alias.Name;
+                        url += $"/login?name={identityuser.UserName}&token={WebUtility.UrlEncode(token)}&key={WebUtility.UrlEncode(providerKey)}";
+                        string body = $"You Recently Signed In To Our Site With {providerName} Using The Email Address {email}. ";
+                        body += "In Order To Complete The Linkage Of Your User Account Please Click The Link Displayed Below:\n\n" + url + "\n\nThank You!";
+                        var notification = new Notification(alias.SiteId, email, email, "External Login Linkage", body);
+                        _notifications.AddNotification(notification);
+                        status = ExternalLoginStatus.VerificationRequired;
+                        _logger.Log(alias.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "External Login Linkage Verification For Provider {Provider} Sent To {Email}", providerName, email);
                     }
                 }
 
@@ -297,8 +325,8 @@ namespace Oqtane.Extensions
                 if (user != null)
                 {
                     var principal = (ClaimsIdentity)claimsPrincipal.Identity;
-                    UserSecurity.ResetClaimsIdentity(principal);
-                    var identity = UserSecurity.CreateClaimsIdentity(httpContext.GetAlias(), user, _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList());
+                    UserSecurity.ResetClaimsIdentity(principal);                    
+                    var identity = UserSecurity.CreateClaimsIdentity(alias, user, _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList());
                     principal.AddClaims(identity.Claims);
 
                     // update user
@@ -307,13 +335,10 @@ namespace Oqtane.Extensions
                     _users.UpdateUser(user);
                     _logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External User Login Successful For {Username} Using Provider {Provider}", user.Username, providerName);
                 }
-                else // user not valid
-                {
-                    await httpContext.SignOutAsync();
-                }
             }
             else // email invalid
             {
+                status = ExternalLoginStatus.InvalidEmail;
                 if (!string.IsNullOrEmpty(email))
                 {
                     _logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "The Email Address {Email} Is Invalid Or Does Not Match The Domain Filter Criteria. Login Denied.", email);
@@ -330,8 +355,8 @@ namespace Oqtane.Extensions
                         _logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "Provider Did Not Return An Email To Uniquely Identify The User.");
                     }
                 }
-                await httpContext.SignOutAsync();
             }
+            return status;
         }
 
         private static bool EmailValid(string email, string domainfilter)
diff --git a/Oqtane.Server/Pages/Login.cshtml.cs b/Oqtane.Server/Pages/Login.cshtml.cs
index 345a4bd8..c6e05d40 100644
--- a/Oqtane.Server/Pages/Login.cshtml.cs
+++ b/Oqtane.Server/Pages/Login.cshtml.cs
@@ -9,7 +9,6 @@ namespace Oqtane.Pages
     [AllowAnonymous]
     public class LoginModel : PageModel
     {
-
         private readonly UserManager<IdentityUser> _identityUserManager;
         private readonly SignInManager<IdentityUser> _identitySignInManager;
 
diff --git a/Oqtane.Server/Security/PrincipalValidator.cs b/Oqtane.Server/Security/PrincipalValidator.cs
index 787afce0..5a15a2b2 100644
--- a/Oqtane.Server/Security/PrincipalValidator.cs
+++ b/Oqtane.Server/Security/PrincipalValidator.cs
@@ -50,15 +50,15 @@ namespace Oqtane.Security
                                 else
                                 {
                                     // user has no roles - remove principal
-                                    context.RejectPrincipal();
                                     Log(_logger, alias, "Permissions Removed For User {Username} Accessing {Url}", context.Principal.Identity.Name, path);
+                                    context.RejectPrincipal();
                                 }
                             }
                             else
                             {
                                 // user does not exist - remove principal
-                                context.RejectPrincipal();
                                 Log(_logger, alias, "Permissions Removed For User {Username} Accessing {Url}", context.Principal.Identity.Name, path);
+                                context.RejectPrincipal();
                             }
                         }
                     }
diff --git a/Oqtane.Server/Startup.cs b/Oqtane.Server/Startup.cs
index afadb1e4..1ceeb4bc 100644
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@@ -99,7 +99,6 @@ namespace Oqtane
                 options.Cookie.Name = Constants.AntiForgeryTokenCookieName;
                 options.Cookie.SameSite = SameSiteMode.Strict;
                 options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
-                //options.Cookie.HttpOnly = false;
             });
 
             services.AddIdentityCore<IdentityUser>(options => { })
@@ -114,6 +113,7 @@ namespace Oqtane
                 {
                     options.DefaultAuthenticateScheme = Constants.AuthenticationScheme;
                     options.DefaultChallengeScheme = Constants.AuthenticationScheme;
+                    options.DefaultSignOutScheme = Constants.AuthenticationScheme;
                 })
                 .AddCookie(Constants.AuthenticationScheme)
                 .AddOpenIdConnect(AuthenticationProviderTypes.OpenIDConnect, options => { })
@@ -130,7 +130,7 @@ namespace Oqtane
 
             services.AddMvc(options =>
             {
-                options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
+                //options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
             })
             .AddNewtonsoftJson()
             .AddOqtaneApplicationParts() // register any Controllers from custom modules
diff --git a/Oqtane.Shared/Enums/ExternalLoginStatus.cs b/Oqtane.Shared/Enums/ExternalLoginStatus.cs
new file mode 100644
index 00000000..105862af
--- /dev/null
+++ b/Oqtane.Shared/Enums/ExternalLoginStatus.cs
@@ -0,0 +1,13 @@
+namespace Oqtane.Shared
+{
+    public enum ExternalLoginStatus
+    {
+        Success,
+        InvalidEmail,
+        DuplicateEmail,
+        UserNotCreated,
+        UserDoesNotExist,
+        ProviderKeyMismatch,
+        VerificationRequired
+    }
+}