Getting a 403 exception while Posting to twitter using ""


Hi ! I am trying to integrate a twitter app into a wpf desktop application.I am using oauth-pin based authentication to access the tokens.I am able to get the access token and the access token secret, but im unable to post as it is showing a 403 exception.Any idea why? Ive been stuck for days :expressionless:

Given below is the code for posting:

HttpWebRequest PostTwits(string oauth_consumer_key, string oauth_consumer_secret, string oauth_access_token, string oauth_token_secret, string postData)

            postData = "trim_user=true&include_entities=true&status=" + postData;
            string updateStatusURL = "" ;

            string outUrl;
            string OAuthHeaderPOST = TwitterUtility.GetAuthorizationHeaderForPost_OR_QueryParameterForGET(new Uri(updateStatusURL), callbackUrl, httpMethod.POST.ToString(), oauth_consumer_key, oauth_consumer_secret, oauth_access_token, oauth_token_secret, out outUrl);

            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(outUrl);
            request.Method = httpMethod.POST.ToString();
            request.Headers["Authorization"] = OAuthHeaderPOST;

            byte[] array = Encoding.ASCII.GetBytes(postData);
            request.GetRequestStream().Write(array, 0, array.Length);
            return request;


public static string GetAuthorizationHeaderForPost_OR_QueryParameterForGET(Uri url, string callbackUrl, string httpMethod, string consumerKey, string consumerSecret, string token, string tokenSecret, out string normalizedUrl)
            string normalizedParameters = "";

            Dictionary<string, string> parameters = new Dictionary<string, string>();
            parameters.Add("oauth_version", "1.0");
            if (token != "")
                parameters.Add("oauth_token", token);
            parameters.Add("oauth_nonce", GenerateNonce()); //Random String
            parameters.Add("oauth_timestamp", GenerateTimeStamp()); // Current Time Span
            parameters.Add("oauth_consumer_key", consumerKey); //Customer Consumer Key
            parameters.Add("oauth_signature_method", "HMAC-SHA1"); //Singnatur Encription Method
            parameters.Add("oauth_callback", UrlEncode(callbackUrl)); //return url

            Dictionary<string, string> drQuery = GetQueryParameters(url.Query);
            foreach (string key in drQuery.Keys)
                parameters.Add(key, drQuery[key]);

            if (url.Query != "")
                normalizedUrl = url.AbsoluteUri.Replace(url.Query, "");
                normalizedUrl = url.AbsoluteUri;

            List<string> li = parameters.Keys.ToList();

            StringBuilder sbOAuthHeader = new StringBuilder("OAuth ");
            StringBuilder sbSignatureBase = new StringBuilder();
            foreach (string k in li)
                sbSignatureBase.AppendFormat("{0}={1}&", k, parameters[k]); // For Signature and Get Date (QueryString)
                sbOAuthHeader.AppendFormat("{0}=\"{1}\", ", k, parameters[k]); // For Post Request (Post Data)

            string signature = GenerateSignatureBySignatureBase(httpMethod, consumerSecret, tokenSecret, normalizedUrl, sbSignatureBase);

            if (httpMethod == "POST")
                string OAuthHeader = sbOAuthHeader.Append("oauth_signature=\"" + UrlEncode(signature) + "\"").ToString();
                normalizedParameters = OAuthHeader;
            else if (httpMethod == "GET")
                normalizedParameters = sbSignatureBase.AppendFormat("{0}={1}", "oauth_signature", signature).ToString(); ;
            return normalizedParameters;

private static string GenerateSignatureBySignatureBase(string httpMethod, string consumerSecret, string tokenSecret, string normalizedUrl, StringBuilder sbSignatureBase)
            string normalizedRequestParameters = sbSignatureBase.ToString().TrimEnd('&');
            StringBuilder signatureBase = new StringBuilder();
            signatureBase.AppendFormat("{0}&", httpMethod.ToString());
            signatureBase.AppendFormat("{0}&", UrlEncode(normalizedUrl));
            signatureBase.AppendFormat("{0}", UrlEncode(normalizedRequestParameters));

            HMACSHA1 hmacsha1 = new HMACSHA1();
            hmacsha1.Key = Encoding.UTF8.GetBytes(string.Format("{0}&{1}", UrlEncode(consumerSecret), UrlEncode(tokenSecret)));
            byte[] hashBytes = hmacsha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(signatureBase.ToString()));
            return Convert.ToBase64String(hashBytes);


A 403 forbidden suggests that you’ve likely passed through the authentication layer and instead re being forbidden from posting the tweet for another reason. Examine the response body of the HTTP 403 for a hint as to why that might be.

Do you know if your access token and application are configured for read-write operations?