Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Dev
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Re: C# API: Getting 403 when calling service.LogOf...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
C# API: Getting 403 when calling service.LogOffAsync()
howlingfang
New Member
06-22-2016
10:26 AM
I am able to use the C# API to connect to our Splunk server and to perform searches and retrieve the results. If I just let the program end without calling LogOffAsync, all is good and the process ends. If I try and be a good client citizen and call LogOffAsync before terminating the program, the LogOff call is resulting in an Exception with the following exception detail:
System.AggregateException was unhandled
HResult=-2146233088
Message=One or more errors occurred.
Source=mscorlib
StackTrace:
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at RestClient.Program.Main(String[] args) in c:\source\sandbox\SplunkHelloWorld\SplunkHelloWorld\Program.cs:line 29
at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
InnerException: Splunk.Client.UnauthorizedAccessException
HResult=-2146233088
Message=403: Forbidden
Error:
In handler 'httpauth-tokens': You (user=[my splunk user]) do not have permission to perform this operation (requires capability: edit_httpauths).
Source=Splunk.Client
StackTrace:
at Splunk.Client.Response.<ThrowRequestExceptionAsync>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult()
at Splunk.Client.Response.<EnsureStatusCodeAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult()
at Splunk.Client.Service.<LogOffAsync>d__36.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at RestClient.Program.<ConnectSplunkSdk>d__16.MoveNext() in
my program
It doesn't seem reasonable that I would have to have edit_httpauths permission just to LogOff. Am I missing something? Why would it be excepting?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jkat54
SplunkTrust
07-19-2016
04:53 AM
In handler 'httpauth-tokens': You (user=[my splunk user]) do not have permission to perform this operation (requires capability: edit_httpauths)
So what happens if you give your role the "edit_httpauths" capability?
It's perfectly reasonable in my opinion. It's obvious the call to service.LogOffAsync requires this capability/privilege. It probably resets the users auth token or something more that you're not thinking it does. I have never pressed a "logout" button in Splunk. Have you? It's not required IMHO and I think you're going above and beyond and creating trouble for yourself.
If you want Splunk support, submitt a ticket.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
howlingfang
New Member
07-14-2016
07:33 AM
Bump - no Splunk support want to weigh in?
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas
Thursday, June 25, 2026 | 11AM PDT / 2PM EDT
Duration: 1 Hour (Includes live Q&A)
Register to ...
Analytics Workspace deprecation
As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...
Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform
Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...
