public IHttpActionResult Delete(long id) { string token = GetAuthToken(); IHttpActionResult validation = Validate(token, id); if (validation != null) { return(validation); } validation = ValidateUserCanBeDeleted(token); if (validation != null) { return(validation); } DataAccessSoapClient ws = new DataAccessSoapClient(); User target = ws.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, id); if (target.Role != DataAccessWS.UserRole.BUYER) { return(NotFound()); } User removed = ws.RemoveUser(new DataAccessWS.Security { BinarySecurityToken = token }, id); RestUser res = CreateRestUser(removed); res.href = ""; return(Ok(res)); }