impersonate account to do RMS encryption

  • 問題

  • Hi all,

     

    I'm developing a web application that protects Word documents using AD RMS through the Word application. An impersonated account, 'MyUser', is used to invoke the Word application to do the RMS encryption.

    If we keep 'MyUser' logged on with an active logon session on the application server, other users can run our application via a web browser from any client machine and the program works fine.

    However, when 'MyUser' has no active logon session on the application server and other users run our application via a web browser from any client machine, the error 'E_DRM_NEEDS_MACHINE_ACTIVATION' is always returned.

    When we ran it further in debug mode, the error was actually thrown while executing "wordPermission.Enabled = true;"

    Application Server:

    Windows Server 2008 R2

    .NET Framework 4.0

    Microsoft Office 2010 Professional Plus

     

    RMS server:

    AD RMS

    /////////////////////////

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using Microsoft.Office.Core;
    using Word = Microsoft.Office.Interop.Word;
    using Excel = Microsoft.Office.Interop.Excel;
    using HAB.CCPIASB.Utility;

    namespace HAB.CCPIASB.Core.Lib.RMS
    {
        public class RMSPermissionManager
        {
            #region Public Property
            public string FilePath { get; set; }
            public RMSFileType FileType { get; set; }
            #endregion

            #region Constructors

            public RMSPermissionManager()
            {
            }

            public RMSPermissionManager(string filePath, RMSFileType fileType)
            {
                this.FilePath = filePath;
                this.FileType = fileType;
            }

            #endregion

            #region Permission Methods

            public void SetPermission(RMSPermissionOption option)
            {
                if (this.FileType == RMSFileType.Word)
                {
                    SetWordPermission(option);
                }
                else if (this.FileType == RMSFileType.Excel)
                {
                    SetExcelPermission(option);
                }
                else
                {
                    throw new InvalidOperationException();
                }
            }

            private void SetWordPermission(RMSPermissionOption option)
            {
                Word.Application wordApp = new Word.Application();
                wordApp.Visible = false;
                wordApp.WindowState = Word.WdWindowState.wdWindowStateMinimize;

                Word._Document wordDocument = null;

                try
                {
                    wordDocument = wordApp.Documents.Open(this.FilePath);
                    wordDocument.Activate();

                    //创建一个加密的对象
                    Permission wordPermission = wordDocument.Permission;
                    wordPermission.Enabled = true;
                   
                    //去掉原RMS加密设置
                    wordPermission.RemoveAll();

                    //设置RMS加密设置
                    wordPermission.StoreLicenses = option.IsAllowStoreLicenses;
                    wordPermission.RequestPermissionURL = option.RequestPermissionURL;
                   
                    //设置只读用户权限
                    Helper.AddReadUsersPermission(ref wordPermission, option.ReadUserMails, option);

                    //设置可编辑用户权限
                    Helper.AddEditUsersPermission(ref wordPermission, option.EditUserMails, option);

                    // Save Word
                    wordDocument.Save();

                }
                catch (Exception ex)
                {
                    throw;
                }
                finally
                {
                    if (wordDocument != null)
                    {
                        wordDocument.Close();
                        wordDocument = null;
                    }
                    wordApp.Quit(Type.Missing, Type.Missing, Type.Missing);
                    wordApp = null;

                }

            }

            #endregion

            #region Helper Methods

            class Helper
            {
                public static void AddReadUsersPermission(ref Permission permission, List<string> readUserMails, RMSPermissionOption option)
                {
                    if (readUserMails.Count > 0)
                    {
                        for (int i = 0; i < readUserMails.Count; i++)
                        {
                            int iUserPermissions = Convert.ToInt32(MsoPermission.msoPermissionRead);
                            if (option.IsAllowPrint)
                            {
                                iUserPermissions += Convert.ToInt32(MsoPermission.msoPermissionPrint);
                            }
                            if (option.IsAllowCopy)
                            {
                                iUserPermissions += Convert.ToInt32(MsoPermission.msoPermissionExtract);
                            }

                            //第一个参数是允许读取该文档的用户的邮件地址,第二个参数就是权限代码,最后一个参数是过期日期
                            permission.Add(readUserMails[i], iUserPermissions, option.ExpirationDate);
                        }
                    }
                }

                public static void AddEditUsersPermission(ref Permission permission, List<string> editUserMails, RMSPermissionOption option)
                {
                    if (editUserMails.Count > 0)
                    {

                        for (int i = 0; i < editUserMails.Count; i++)
                        {
                            int iUserPermissions = Convert.ToInt32(MsoPermission.msoPermissionChange);
                            if (option.IsAllowPrint)
                            {
                                iUserPermissions += Convert.ToInt32(MsoPermission.msoPermissionPrint);
                            }

                            permission.Add(editUserMails[i], iUserPermissions, null);

                        }
                    }
                }
            }

            #endregion

        }
    }

    2012年4月19日 5:22

解答