public IHttpActionResult AddUserIndicesWithoutAuthorization(long id, List <string> tickers) { using (Models.ChallengeContext cc = new Models.ChallengeContext()) { Models.User user = cc.Users .FirstOrDefault(u => u.UserId == id); if (user == null) { return(BadRequest("user not found")); } else { try { List <Models.Index> indices = cc.Indices .Where(i => tickers.Contains(i.Ticker)) .ToList(); foreach (Models.Index index in indices) { if (!user.Indices.Contains(index)) { user.Indices.Add(index); } } cc.SaveChanges(); } catch (Exception e) { // terrible error handling return(InternalServerError(e)); } } return(Json(JsonObjects.Jsonify(user.Indices.ToList()))); } }