https://community.splunk.com/t5/Splunk-Dev/C-API-Getting-403-when-calling-service-LogOffAsync/m-p/216858#M2856 <P>Bump - no Splunk support want to weigh in?</P> Thu, 14 Jul 2016 14:33:47 GMT howlingfang 2016-07-14T14:33:47Z https://community.splunk.com/t5/Splunk-Dev/C-API-Getting-403-when-calling-service-LogOffAsync/m-p/216857#M2855 <P>I am able to use the C# API to connect to our Splunk server and to perform searches and retrieve the results. If I just let the program end without calling LogOffAsync, all is good and the process ends. If I try and be a good client citizen and call LogOffAsync before terminating the program, the LogOff call is resulting in an Exception with the following exception detail:</P> <PRE><CODE>System.AggregateException was unhandled HResult=-2146233088 Message=One or more errors occurred. Source=mscorlib StackTrace: at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at System.Threading.Tasks.Task.Wait() at RestClient.Program.Main(String[] args) in c:\source\sandbox\SplunkHelloWorld\SplunkHelloWorld\Program.cs:line 29 at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args) at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args) at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() InnerException: Splunk.Client.UnauthorizedAccessException HResult=-2146233088 Message=403: Forbidden Error: In handler 'httpauth-tokens': You (user=[my splunk user]) do not have permission to perform this operation (requires capability: edit_httpauths). Source=Splunk.Client StackTrace: at Splunk.Client.Response.&lt;ThrowRequestExceptionAsync&gt;d__17.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult() at Splunk.Client.Response.&lt;EnsureStatusCodeAsync&gt;d__11.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult() at Splunk.Client.Service.&lt;LogOffAsync&gt;d__36.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult() at RestClient.Program.&lt;ConnectSplunkSdk&gt;d__16.MoveNext() in my program </CODE></PRE> <P>It doesn't seem reasonable that I would have to have edit_httpauths permission just to LogOff. Am I missing something? Why would it be excepting?</P> Wed, 22 Jun 2016 17:26:39 GMT https://community.splunk.com/t5/Splunk-Dev/C-API-Getting-403-when-calling-service-LogOffAsync/m-p/216857#M2855 howlingfang 2016-06-22T17:26:39Z https://community.splunk.com/t5/Splunk-Dev/C-API-Getting-403-when-calling-service-LogOffAsync/m-p/216858#M2856 <P>Bump - no Splunk support want to weigh in?</P> Thu, 14 Jul 2016 14:33:47 GMT https://community.splunk.com/t5/Splunk-Dev/C-API-Getting-403-when-calling-service-LogOffAsync/m-p/216858#M2856 howlingfang 2016-07-14T14:33:47Z https://community.splunk.com/t5/Splunk-Dev/C-API-Getting-403-when-calling-service-LogOffAsync/m-p/216859#M2857 <PRE><CODE> In handler 'httpauth-tokens': You (user=[my splunk user]) do not have permission to perform this operation (requires capability: edit_httpauths) </CODE></PRE> <P>So what happens if you give your role the "edit_httpauths" capability?</P> <P>It's perfectly reasonable in my opinion. It's obvious the call to service.LogOffAsync requires this capability/privilege. It probably resets the users auth token or something more that you're not thinking it does. I have never pressed a "logout" button in Splunk. Have you? It's not required IMHO and I think you're going above and beyond and creating trouble for yourself.</P> <P>If you want Splunk support, submitt a ticket. </P> Tue, 19 Jul 2016 11:53:00 GMT https://community.splunk.com/t5/Splunk-Dev/C-API-Getting-403-when-calling-service-LogOffAsync/m-p/216859#M2857 jkat54 2016-07-19T11:53:00Z