/// <summary> /// Indicates if the provided character id is valid for the user in the message context. /// </summary> /// <param name="characterId">The id to check.</param> /// <param name="characterRepository">The character repository service.</param> /// <returns>True if the character id is valid/</returns> private async Task <bool> IsCharacterIdValidForUser(int characterId, ICharacterRepository characterRepository) { //We only support positive character ids so if they request a less than 0 it's invalid and likely spoofed //or if they request an id they don't own //or if it's an not a known character return(characterId >= 0 && await characterRepository.ContainsAsync(characterId) && (await characterRepository.RetrieveAsync(characterId)).AccountId == ClaimsReader.GetUserIdInt(User)); }