diff --git a/SecurityService.BusinessLogic/RequestHandlers/UserRequestHandler.cs b/SecurityService.BusinessLogic/RequestHandlers/UserRequestHandler.cs
index f0019291..5623b7f0 100644
--- a/SecurityService.BusinessLogic/RequestHandlers/UserRequestHandler.cs
+++ b/SecurityService.BusinessLogic/RequestHandlers/UserRequestHandler.cs
@@ -110,7 +110,7 @@ public async Task<Result> Handle(SecurityServiceCommands.CreateUserCommand comma
                 confirmationToken = UrlEncoder.Default.Encode(confirmationToken);
                 String uri = $"{this.ServiceOptions.PublicOrigin}/Account/EmailConfirmation/Confirm?userName={newIdentityUser.UserName}&confirmationToken={confirmationToken}";
 
-                TokenResponse token = await this.GetToken(cancellationToken);
+                TokenResponse token = await this.GetToken();
                 SendEmailRequest emailRequest = this.BuildEmailConfirmationRequest(newIdentityUser, uri);
                 sendEmailResult = await this.MessagingServiceClient.SendEmail(token.AccessToken, emailRequest, cancellationToken);
                 if (sendEmailResult.IsFailed)
@@ -368,7 +368,7 @@ public async Task<Result> Handle(SecurityServiceCommands.ProcessPasswordResetReq
             resetToken = UrlEncoder.Default.Encode(resetToken);
             String uri = $"{this.ServiceOptions.PublicOrigin}/Account/ForgotPassword/Confirm?userName={user.UserName}&resetToken={resetToken}&clientId={command.ClientId}";
 
-            TokenResponse token = await this.GetToken(cancellationToken);
+            TokenResponse token = await this.GetToken();
             SendEmailRequest emailRequest = this.BuildPasswordResetEmailRequest(user, uri);
             
             Result result = await this.MessagingServiceClient.SendEmail(token.AccessToken, emailRequest, cancellationToken);
@@ -387,7 +387,7 @@ public async Task<Result> Handle(SecurityServiceCommands.SendWelcomeEmailCommand
             await this.UserManager.AddPasswordAsync(i, generatedPasswordResult.Data);
 
             // Send Email
-            TokenResponse token = await this.GetToken(cancellationToken);
+            TokenResponse token = await this.GetToken();
             SendEmailRequest emailRequest = this.BuildWelcomeEmail(i.Email, generatedPasswordResult.Data);
             Result result = await this.MessagingServiceClient.SendEmail(token.AccessToken, emailRequest, cancellationToken);
             if (result.IsFailed)
@@ -497,7 +497,7 @@ private async Task<List<String>> ConvertUsersRoles(ApplicationUser identityUser)
             return roles.ToList();
         }
         
-        private async Task<TokenResponse> GetToken(CancellationToken cancellationToken){
+        private async Task<TokenResponse> GetToken(){
             // Get a token to talk to the estate service
             String clientId = this.ServiceOptions.ClientId;
             String clientSecret = this.ServiceOptions.ClientSecret;
diff --git a/SecurityService.UnitTests/ModelFactoryTests.cs b/SecurityService.UnitTests/ModelFactoryTests.cs
index caf7dc27..55a24e38 100644
--- a/SecurityService.UnitTests/ModelFactoryTests.cs
+++ b/SecurityService.UnitTests/ModelFactoryTests.cs
@@ -423,7 +423,8 @@ public void ModelFactory_ConvertFrom_ListUserDetails_ListIsEmpty_NullReturned()
 
             List<DataTransferObjects.Responses.UserDetails> userDetailsDtoList = modelFactory.ConvertFrom(userDetailsModelList);
 
-            userDetailsDtoList.ShouldBeNull();
+            userDetailsDtoList.ShouldNotBeNull();
+            userDetailsDtoList.ShouldBeEmpty();
         }
 
         [Fact]
@@ -435,7 +436,8 @@ public void ModelFactory_ConvertFrom_ListUserDetails_ListIsNull_NullReturned()
 
             List<DataTransferObjects.Responses.UserDetails> userDetailsDtoList = modelFactory.ConvertFrom(userDetailsModelList);
 
-            userDetailsDtoList.ShouldBeNull();
+            userDetailsDtoList.ShouldNotBeNull();
+            userDetailsDtoList.ShouldBeEmpty();
         }
 
         [Fact]
diff --git a/SecurityService.UserInterface/Pages/Account/AccessDenied.cshtml.cs b/SecurityService.UserInterface/Pages/Account/AccessDenied.cshtml.cs
index 6ef5f175..4f97ddda 100644
--- a/SecurityService.UserInterface/Pages/Account/AccessDenied.cshtml.cs
+++ b/SecurityService.UserInterface/Pages/Account/AccessDenied.cshtml.cs
@@ -6,5 +6,6 @@ public class AccessDeniedModel : PageModel
 {
     public void OnGet()
     {
+        // No special processing required
     }
 }
\ No newline at end of file
diff --git a/SecurityService.UserInterface/Pages/Account/Login/Index.cshtml.cs b/SecurityService.UserInterface/Pages/Account/Login/Index.cshtml.cs
index efb05c39..64f7d757 100644
--- a/SecurityService.UserInterface/Pages/Account/Login/Index.cshtml.cs
+++ b/SecurityService.UserInterface/Pages/Account/Login/Index.cshtml.cs
@@ -130,7 +130,7 @@ public async Task<IActionResult> OnPost()
                 else
                 {
                     // user might have clicked on a malicious link - should be logged
-                    throw new Exception("invalid return URL");
+                    throw new ArgumentException("invalid return URL");
                 }
             }
 
diff --git a/SecurityService/Factories/ModelFactory.cs b/SecurityService/Factories/ModelFactory.cs
index 5f798139..3298cabf 100644
--- a/SecurityService/Factories/ModelFactory.cs
+++ b/SecurityService/Factories/ModelFactory.cs
@@ -65,7 +65,7 @@ public List<UserDetails> ConvertFrom(List<Models.UserDetails> model)
         {
             if (model == null || model.Any() == false)
             {
-                return null;
+                return new List<UserDetails>();
             }
 
             List<UserDetails> userDetailsList = new List<UserDetails>();