Share via

Updating the Issuance License

  • Article

If a container file is stored for any length of time, it is possible that the users and rights in the file's issuance license are out of date. You may need to add more users, for instance, or remove a right for an existing user. To do this, you must rebuild the issuance license and use the latest template or specifications, republish the existing license by using the SOAP method EditIssuanceLicense, then replace the old issuance license with the new one in the compound file. EditIssuanceLicense takes in a signed issuance license (the old one) and an unsigned issuance license (the new one), puts the encrypted content key from the old license into the new issuance license, and signs it. If you created a new issuance license and replaced the old one with it, you would lose the content key that is used to encrypt the content, and the content would be irretrievable. Similarly, you cannot create a new signed issuance license and swap out the content keys by hand because the signature in the new issuance license would not be correct, and the consuming application would not accept the license.

Note  For EditIssuanceLicense to work, your application must have entered the application-specific data pair "Allow_Server_Editing"/"True" in the original issuance license.

To republish an issuance license

  1. Obtain the existing issuance license from the compound file (see Obtaining the Existing Issuance License).
  2. Create a new, unsigned issuance license for the content (see Creating a New Unsigned Issuance License).
  3. Make the SOAP call EditIssuanceLicense, passing in both certificates, and retrieve the returned issuance license chain (see Republishing the Issuance License).
  4. Replace the existing issuance license in the compound file (see Replacing the Issuance License in the Compound File).

Important  The EditIssuanceLicense method on AD RMS has its access control list (ACL) set to "System" by default. If you want to use this method, you must change the ACL for EditIssuanceLicense.asmx to an appropriate value to allow this function to be used. It is very important to understand that only approved computers or (occasionally) users should have access to this function because anyone with access to this function can gain full rights to any license issued by this service that has the "Allow_Server_Editing"/"True" pair.

See Also

Building a Protected Document Library

Send comments about this topic to Microsoft

Build date: 3/13/2008