/// <summary>
/// Deletes the CSUser with the given id, provided the request carries the expected
/// "secretkey" header.
/// </summary>
/// <param name="id">Identifier passed to <c>repository.GetCSUserByID</c>.</param>
/// <returns>
/// 400 Bad Request when the "secretkey" header is absent or its first value does not match;
/// 404 Not Found when the repository returns no user for <paramref name="id"/>;
/// 200 OK with the deleted user in the body otherwise.
/// </returns>
public IHttpActionResult DeleteCSUser(int id)
{
    // Shared-secret gate: the first "secretkey" header value must equal the expected key.
    //
    // NOTE(review): the expected value is a literal in source, so everyone with read access
    // to the repository or the compiled assembly holds it, and it cannot be rotated without
    // a redeploy. Load it from protected configuration or a secret store instead.
    // NOTE(review): string == stops at the first differing character; once the key is a real
    // secret, compare it with a fixed-time routine.
    // NOTE(review): no other authorization is visible in this method and the key carries no
    // caller identity, so a delete cannot be attributed in an audit log. Confirm whether an
    // authorization filter or message handler also protects this route.
    System.Net.Http.Headers.HttpRequestHeaders requestHeaders = this.Request.Headers;
    bool keyPresent = requestHeaders.Contains("secretkey");
    bool keyMatches = keyPresent && requestHeaders.GetValues("secretkey").First() == "secret";

    if (!keyMatches)
    {
        // 400 is deliberate: the original author recorded that returning Unauthorized() here
        // still left the caller with response.IsSuccessStatusCode == true, and NotFound() was
        // also considered and dropped.
        // NOTE(review): possibly an authentication module turning the 401 into a login
        // redirect that the client follows; confirm before switching this back to 401.
        return BadRequest();
    }

    CSUser target = repository.GetCSUserByID(id);
    if (target == null)
    {
        return NotFound();
    }

    repository.DeleteCSUser(target);

    // NOTE(review): the whole deleted entity is echoed to the caller; confirm CSUser holds
    // no credential or other sensitive fields that should stay out of the response.
    return Ok(target);
}