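/// <summary>
/// Returns the profile for <paramref name="contactId"/>, but only when that contact is one of
/// the logged-in user's immediate family participants.
/// </summary>
/// <param name="contactId">
/// Contact id of the requested profile. It is caller-supplied, so it is checked against the
/// caller's own family list before any person record is loaded.
/// </param>
/// <returns>
/// <c>Ok(person)</c> when the contact is in the caller's immediate family and a person record is
/// found; <c>Unauthorized()</c> in every other non-error case.
/// </returns>
/// <exception cref="HttpResponseException">
/// Thrown when any exception is raised while resolving the family list or the person; the
/// response message is built by <c>ApiErrorDto</c>.
/// </exception>
public IHttpActionResult GetProfile(int contactId)
{
    return Authorized(token =>
    {
        try
        {
            // Object-level authorization: does the logged-in user have permission to view this contact?
            // The family list is resolved from the caller's token, never from request data.
            // TODO: Move this security logic to MP; if for some reason we absolutely can't, then
            // centralize all security logic that exists in the gateway.
            var family = _serveService.GetImmediateFamilyParticipants(token);

            // Any() stops at the first match instead of materializing a filtered list just to count it.
            // Deny before touching _personService so no record is loaded for a contact the caller may not see.
            if (!family.Any(f => f.ContactId == contactId))
            {
                return Unauthorized();
            }

            Person person = _personService.GetPerson(contactId);

            // A missing person returns the same result as a failed permission check.
            if (person == null)
            {
                return Unauthorized();
            }

            return Ok(person);
        }
        catch (Exception e)
        {
            // NOTE(review): the raw exception is handed to ApiErrorDto; confirm the response it builds
            // does not expose the exception message or stack trace to the client.
            var apiError = new ApiErrorDto("Get Profile Failed", e);
            throw new HttpResponseException(apiError.HttpResponseMessage);
        }
    });
}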