Building a Publishing Application

An application must follow basic steps to publish Active Directory Rights Management Services (AD RMS)–protected content. The following topics provide examples, and in some cases, list errors that an application should trap.

Many functions in the rights management system depend on objects created or obtained by other functions, so although the order of tasks is not rigid, you must be aware of what functions must execute before other functions to prepare the necessary objects. A good example of this is obtaining licenses or certificates, which takes place several different times in an application.

Some steps, such as rights processing or license querying, can be quite complex and typically must be custom-designed for an application. The documentation describes the basic process, illustrates it with an example, and gives some information about the variations that an application might need to address.

A publishing application includes a complete consuming application because part of the publishing pathway includes binding to and exercising a right in a license. Therefore, you must understand how to create a consuming application before you can create a publishing application.

The examples do not cover error-checking exhaustively. An application designer is expected to trap generic errors that are appropriate to a step (such as E_DRM_ENV_CANNOT_LOAD when attempting to create an environment handle) and handle them appropriately.

Overview of the Content Publishing Pathway

The following diagram shows the basic content publishing pathway.

The diagram shows the following details:

1. Create a client session. If you are encrypting the content by using encryption functions other than those provided with this SDK, you can encrypt your content at any time.
2. Determine whether the computer and user are activated, and if not, activate them.
3. Create an issuance license from a template, from an existing right, or from scratch.
4. Add rights, users, metadata, and other information to the license.
5. Use the issuance license to request a signed issuance license, specifying yourself as the owner. If you are using external functions to encrypt the content, you must pass the key into this request.
6. If you already encrypted the content, you are done. Otherwise, request the end-user license, bind to the OWNER right, and create an enabling bits AD RMS encrypting object.
7. Use the AD RMS encrypting object to encrypt the content.
8. Save the signed issuance license in a location that the consuming application will expect.

The following topics describe the preceding steps in detail:

• Creating the Client Session
• Activating the Machine
• Activating the User
• Creating an Issuance License
• Adding Users, Rights, and Other Information to a License
• Encrypting Content by Using CryptoAPI Functions
• Obtaining a Signed Issuance License
• Encrypting Content by Using AD RMS Functions
• License Management

Many, if not most, AD RMS-consuming applications must have a manifest. For information about how to obtain one, see Creating the Application Manifest.

See Also

Building a Consuming Application
Methods Used by All Client Applications
Using Active Directory Rights Management Services

Send comments about this topic to Microsoft

Build date: 3/13/2008