Using Active Directory Rights Management Services
Several elements make up the Active Directory Rights Management Services (AD RMS) infrastructure. The AD RMS SDK is used by applications that publish content protected by AD RMS, as well as by applications that access this content. AD RMS functions are contained in Msdrm.dll.
The AD RMS API provides methods that interact with an AD RMS server to allow client applications to create client sessions, find servers that activate machines and users, and initialize secure AD RMS environments. In publishing scenarios, applications encrypt content and identify users and the rights users will have to protected content. Then they use the AD RMS client API methods to send an issuance license that contains user/rights data to the server, where the issuance license is signed and returned to the publishing application. Other client applications can then use the API to request an end-user license and decrypt the content for authorized use.
Content encryption, decryption, management of certificates, and licensing are provided by the AD RMS client API in a manner that hides many of the low-level details. For this reason, the development of AD RMS applications does not require a specialist in cryptography. However, you can use other cryptographic APIs to handle encryption by using the supported algorithms (currently AES). For information about how to encrypt content by using the AD RMS encryption functions, see Encrypting Content by Using AD RMS Functions. For information about how to encrypt content by using the CryptoAPI functions, see Encrypting Content by Using CryptoAPI Functions.
The primary use of the AD RMS SDK is to build lockbox-enabled applications. However, there are cases where an application requires a solution that does not use a lockbox. In that case, an application can use the AD RMS functions based on Msdrm.dll with SOAP APIs. To determine whether your application should use a lockbox, and which type of lockbox, see Determining Whether to Use a Lockbox.
For more information about using AD RMS, see the following topics.
| Section | Description |
|---|---|
| About Rights Active Directory Management Services | Provides an overview of the platform for application development using AD RMS. |
| Installing the Active Directory Rights Management Services SDK | Discusses how to set up your development environment and specifies client and server requirements. |
| Client Quick Start | Discusses how to verify your environment and highlights the client sample programs included with the SDK. |
| Server Quick Start | Discusses the Protected Document Library Sample included with the SDK. |
| Building an AD RMS-Enabled Application | Provides information about how to create a cryptographic key pair and have the public key signed into the appropriate trust chain. |
| Building a Publishing Application Without Using a Lockbox | Information about building a publishing application without a lockbox by using Msdrm.dll and the AD RMS SOAP APIs. |
Send comments about this topic to Microsoft
Build date: 3/13/2008