Can't update user's AccountStatus; get 403 Forbidden error

This question is answered

Posted by Robert Miller

on Mon, Nov 22 2010 9:36 PM

Hi there,

We are trying to update the AccountStatus field for selected users using the older, v1 API. Unfortunately, when I submit the request, I keep getting a 403 Forbidden error on line 8 (see below). At the moment, we are running Telligent Community 5.5.134.12297.I didn't include the code for our CreateWebClient() method but we've used it successfully to create, update, and remove user accounts.

Here is a simplified version of the problematic code:

// CreateWebClient() creates a WebClient object with the Rest-User-Token and optional Rest-Method in the header.
using ( WebClient webClient = CreateWebClient( RestMethod.PUT ) )
{
    byte[] output = null;
    string postUrl = "http://ourwebsite.edu/api/membership.ashx/users/2726";
    string data = "<Request><User><Status><AccountStatus>Disapproved</AccountStatus></Status></User></Request>";
 
    output = webClient.UploadData( postUrl, "POST", Encoding.UTF8.GetBytes( data ) );
    string outputString = Encoding.UTF8.GetString( output );
    success = true;
}

I've tried removing the <request> node from the data string but receive the same error. Am I missing something or has the membership API been removed or broken in 5.5.134.12297?

Verified Answer

Posted by Dan Hounshell

on Tue, Nov 23 2010 2:36 PM

No, the membership API has not been removed in 5.5 or 5.6. Nothing has changed in the v1 API in quite a while. I'm looking into this specific issue now.

Posted by Dan Hounshell

on Tue, Nov 23 2010 4:19 PM

Verified Answer

Verified by Robert Miller

I used the following code to update a user's status and it worked fine.

MembershipService _service = new MembershipService(_url, _username, _apikey);

user = _service.GetUser("bob12");

user.Status.AccountStatus = UserAccountStatus.Disapproved;

user.Update();

Using Fiddler to examine the payload that was delivered, I see that when using the client API as I did, an XML payload with all the user's details are delivered, not just the single node that you tried to send. I'm not sure if that is the difference that is causing your request to fail. But I'd suggest using the client API in this scenario.

Posted by Robert Miller

on Tue, Nov 23 2010 7:11 PM

Thanks, Dan. Unfortunately, this code belongs to an external application that needs a way to communicate with Telligent Community remotely, so using the internal API isn't a workable solution in this case. Have you—or anyone—been able to update the <AccountStatus> node using the REST API?

Just FYI, I tried requesting a user's information using the v1 membership API and then sent the unchanged xml back in an update request, but I received the same 403 Forbidden error. For reference, here is the XML that I submitted:

<?xml version="1.0" encoding="utf-8"?>
<User xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Id="2726" Endpoint="http://oursite.edu/api/membership.ashx/users/2726">
<Username>buckfurrent</Username>
<DisplayName>Tony Buckfurren</DisplayName>
<Signature/>
<Biography><p>I am a virtual sidekick for Robert Miller, the District Webmaster.</p></Biography>
<Points>230</Points>
<JoinDate>2009-09-17T16:40:01-07:00</JoinDate>
<TotalPosts>30</TotalPosts>
<UserRank/>
<RecommendedReading/>
<AvatarUrl>http://oursite.edu/cfs-file.ashx/__key/CommunityServer.Components.Avatars/00.00.00.27.26/4TDQTMUUHREP.jpg</AvatarUrl>
<Occupation/>
<Interests/>
<Birthday xsi:nil="true"/>
<Gender>NotSet</Gender>
<BlogAddress/>
<GalleryAddress/>
<MsnIM/>
<AolIM/>
<YahooIM/>
<IcqIM/>
<Settings>
    <Email>foo@yahoo.com</Email>
    <EnableEmail>false</EnableEmail>
    <EnableNotifications>false</EnableNotifications>
    <EnableHtmlEmail>true</EnableHtmlEmail>
    <EnableAvatar>true</EnableAvatar>
    <EnableCollapsingPanels>true</EnableCollapsingPanels>
    <EnableDisplayInMemberList>true</EnableDisplayInMemberList>
    <EnableDisplayName>true</EnableDisplayName>
    <EnablePrivateMessages>false</EnablePrivateMessages>
    <EnableUserAvatars>true</EnableUserAvatars>
    <EnableUserSignatures>true</EnableUserSignatures>
    <PostSortOrder>Ascending</PostSortOrder>
    <FontSize>0</FontSize>
    <EnablePostMouseOverPopup>false</EnablePostMouseOverPopup>
    <EnableEmoticons>true</EnableEmoticons>
    <EnableHelpTipsInControlPanel>true</EnableHelpTipsInControlPanel>
    <ItemsPerPageInControlPanel>10</ItemsPerPageInControlPanel>
    <TimeZone>-8</TimeZone>
    <DateFormat>ddd, MMM d yyyy</DateFormat>
</Settings>
<Roles>http://oursite.edu/api/membership.ashx/users/2726/roles/</Roles>
<Status>
    <AccountStatus>Approved</AccountStatus>
    <BannedUntil>2010-11-22T12:07:05</BannedUntil>
    <BanReason>Other</BanReason>
    <IsBanned>false</IsBanned>
    <ForceLogin>true</ForceLogin>
    <IsAvatarApproved>true</IsAvatarApproved>
    <IsIgnored>false</IsIgnored>
    <IsModerated>false</IsModerated>
    <LastAction/>
    <LastActivity>2010-10-22T10:47:20.357</LastActivity>
    <LastLogin>2010-11-17T16:18:38.94-08:00</LastLogin>
    <MinimumTotalPosts>29</MinimumTotalPosts>
</Status>
<Friends Endpoint="http://oursite.edu/api/membership.ashx/users/2726/friends/"/>
<Announcements Endpoint="http://oursite.edu/api/membership.ashx/users/2726/announcements/"/>
<Comments Endpoint="http://oursite.edu/api/membership.ashx/users/2726/comments/"/>
<Conversations Endpoint="http://oursite.edu/api/membership.ashx/users/2726/conversations/"/>
<ActivityMessages Endpoint="http://oursite.edu/api/membership.ashx/users/2726/activitymessages/"/>
</User>

Posted by Layne Robinson

on Tue, Nov 23 2010 7:14 PM

Have you verified that the API is enabled on the site?

From: Robert Miller [mailto:bounce-PurpleGizmo@communities.telligent.com]
Sent: Tuesday, November 23, 2010 1:12 PM
To: discussion_evolution@communities.telligent.com
Subject: Re: [Telligent Evolution Platform Discussion] Can't update user's AccountStatus; get 403 Forbidden error

Posted by Robert Miller

on Tue, Nov 23 2010 7:28 PM

Layne Robinson

Have you verified that the API is enabled on the site?

Yes, we are currently using the v2 REST API to create, update, and delete users. I can also use the v1 Membership API to request users but not update them. Our reason for using the v1 API is to disable user accounts without deleting them.

Posted by Dan Hounshell

on Tue, Nov 23 2010 8:21 PM

Verified Answer

Verified by Robert Miller

You can use the v1 client library externally. You just need to include and reference the CommunityServer.WebServices.dll

Since you are getting a 403 forbidden response, check the permissions on the user making the request. To update a user that account must have Site - Manage Membership permissions. What is the message you are getting? Is it "Permission to update user denied."?

Posted by Robert Miller

on Tue, Nov 23 2010 9:06 PM

Unfortunately, I don't receive a very descriptive error message. The exact message is: "The remote server returned an error: (403) Forbidden." The account that the API key belongs to has admin-level permissions, including the Site - Manage Membership permission. I also double-checked IIS to be sure that the account used in the AppPool has adequate permissions.

Thank you for letting me know about using the client API externally! I'll give that a try next and let you know if I run into any issues.

Posted by Robert Miller

on Tue, Nov 23 2010 11:53 PM

Thanks, Dan! Looks like the client API will work for us after all. Smile

All Replies

Posted by Dan Hounshell

on Tue, Nov 23 2010 2:36 PM

No, the membership API has not been removed in 5.5 or 5.6. Nothing has changed in the v1 API in quite a while. I'm looking into this specific issue now.

Posted by Dan Hounshell

on Tue, Nov 23 2010 4:19 PM

Verified Answer

Verified by Robert Miller

I used the following code to update a user's status and it worked fine.

MembershipService _service = new MembershipService(_url, _username, _apikey);

user = _service.GetUser("bob12");

user.Status.AccountStatus = UserAccountStatus.Disapproved;

user.Update();

Posted by Robert Miller

on Tue, Nov 23 2010 7:11 PM

Posted by Layne Robinson

on Tue, Nov 23 2010 7:14 PM

Have you verified that the API is enabled on the site?

Posted by Robert Miller

on Tue, Nov 23 2010 7:28 PM

Layne Robinson

Have you verified that the API is enabled on the site?

Posted by Dan Hounshell

on Tue, Nov 23 2010 8:21 PM

Verified Answer

Verified by Robert Miller

You can use the v1 client library externally. You just need to include and reference the CommunityServer.WebServices.dll

Posted by Robert Miller

on Tue, Nov 23 2010 9:06 PM

Thank you for letting me know about using the client API externally! I'll give that a try next and let you know if I run into any issues.

Posted by Robert Miller

on Tue, Nov 23 2010 11:53 PM

Thanks, Dan! Looks like the client API will work for us after all. Smile