SOLVED

AIP - Unprotecting an protecting Office files

%3CLINGO-SUB%20id%3D%22lingo-sub-1458527%22%20slang%3D%22de-DE%22%3EAIP%20-%20Unprotecting%20an%20protecting%20Office%20files%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1458527%22%20slang%3D%22de-DE%22%3E%3CP%3E%3CSPAN%3EHi!%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EA%20while%20ago%20I%20have%20written%20a%20service%20(in%20C)%20to%20connect%20to%20Azure%20Information%20Protection%20(with%20the%20SDK%201.2.153)%20to%20unprotect%20files%2C%20change%20them%20and%20reprotect%20them%20again%20with%20the%20same%20protection%20they%20had%20before.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI've%20got%20the%20protection%20lizense%2Finformation%20by%20calling%20FileHandler.GetserializedPublishingLizense%20and%20GetSerializedProtectionInfo%2C%20then%20I've%20called%20RemoveProtection%20and%20in%20the%20end%20i've%20reset%20the%20protection%20by%20calling%20SetProtection%20with%20the%20results%20that%20I've%20got%20earlier.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ENow%20I%20try%20to%20do%20the%20same%20with%20the%20SDK%20version%201.6.113%20without%20success.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EEvery%20funcion%20changed.%20Now%20I%20cannot%20even%20create%20a%20FileEngine%20without%20an%20identity%20or%20a%20cloud.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20I%20set%20an%20identity%20(the%20mail%20address%20is%20not%20important)%2C%20I%20can%20create%20a%20FileEngine.%20If%20I%20choose%20Commercial%20cloud%20I%20can%20also%20create%20the%20FileEngine.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThen%20I%20get%20the%20protection%20description%20by%20getting%20the%20handler.%20Protection.ProtectionDescriptor-property.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20am%20able%20to%20unprotect%20the%20file%20and%20to%20change%20it.%20But%20when%20I%20try%20to%20reprotect%20it%20(using%20the%20protection%20descriptor)%20the%20protection%20is%20messed%20up.%20The%20file%20gets%20protected%20but%20I%20cannot%20access%20it.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20I%20try%20to%20set%20the%20same%20label%20(which%20I%20got%20before%20unprotecting%20the%20file)%20the%20same%20happens.%20The%20file%20is%20protected%20but%20I%20cannot%20access.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWhat%20am%20I%20doing%20wrong%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAny%20help%20would%20be%20appreciated!%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ECheers%20Alex%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1458527%22%20slang%3D%22de-DE%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1475950%22%20slang%3D%22en-US%22%3ERe%3A%20AIP%20-%20Unprotecting%20an%20protecting%20Office%20files%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1475950%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F696761%22%20target%3D%22_blank%22%3E%40AlexNbg72%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi!%20This%20scenario%20functions%20a%20bit%20differently%20than%20you%20might%20expect.%20We%20refer%20to%20this%20as%20republishing%20and%20we've%20recently%20documented%20it%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Finformation-protection%2Fdevelop%2Fquick-file-republishing-csharp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Finformation-protection%2Fdevelop%2Fquick-file-republishing-csharp%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECan%20you%20take%20a%20look%20at%20that%20and%20let%20me%20know%20if%20it%20answers%20your%20question%3F%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20cloud%20or%20identity%20are%20required%20for%20service%20discovery.%20When%20you%20create%20the%20FileEngineSettings%20object%2C%20you%20must%20provide%20an%20object%20of%20Microsoft.InformationProtection.Identity%20as%20part%20of%20the%20constructor%2C%20or%20set%20it%20on%20the%20object%20after%20initialization.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20don't%20have%20the%20identity%20of%20the%20user%2C%20then%20you%20must%20set%20the%20Cloud%20parameter%20on%20the%20FileEngineSettings%20object.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi!

A while ago I have written a service (in C#) to connect to Azure Information Protection (with the SDK 1.2.153) to unprotect files, change them and reprotect them again with the same protection they had before.

I've got the protection lizense/information by calling FileHandler.GetserializedPublishingLizense and GetSerializedProtectionInfo, then I've called RemoveProtection and in the end i've reset the protection by calling SetProtection with the results that I've got earlier.

 

Now I try to do the same with the SDK version 1.6.113 without success.

Every funcion changed. Now I cannot even create a FileEngine without an identity or a cloud.

If I set an identity (the mail address is not important), I can create a FileEngine. If I choose Commercial cloud I can also create the FileEngine.

Then I get the protection description by getting the handler.Protection.ProtectionDescriptor-property.

I am able to unprotect the file and to change it. But when I try to reprotect it (using the protection descriptor) the protection is messed up. The file gets protected but I cannot access it.

If I try to set the same label (which I got before unprotecting the file) the same happens. The file is protected but I cannot access ist.

 

What am I doing wrong?

Any help would be appreciated!

Cheers Alex

1 Reply
best response confirmed by AlexNbg72 (Occasional Visitor)
Solution

@AlexNbg72 

 

Hi! This scenario functions a bit differently than you might expect. We refer to this as republishing and we've recently documented it here: https://docs.microsoft.com/en-us/information-protection/develop/quick-file-republishing-csharp

 

Can you take a look at that and let me know if it answers your question? 

 

The cloud or identity are required for service discovery. When you create the FileEngineSettings object, you must provide an object of Microsoft.InformationProtection.Identity as part of the constructor, or set it on the object after initialization. 

 

If you don't have the identity of the user, then you must set the Cloud parameter on the FileEngineSettings object.