Reading a PFILE protected PDF


We've heard a request for a simple code example for reading a PFILE protected PDF file so, here's a code snippet (below) that accomplishes the basic option. In order to preserve and enforce the protected document’s rights the app will need to get the license key then check the rights of the current user before decryption the file. 

NOTE: Only use the RMS_AWARE flag only if you are going to properly enforce the rights.  



       // get the license and key

       PCWSTR wszInputFilePath = …;      // input file path

       PIPC_BUFFER pvLicense = NULL;

       IPC_KEY_HANDLE hKey = NULL;

       hr = IpcfGetSerializedLicenseFromFile(wszInputFilePath, &pvLicense);

       hr = IpcGetKey(pvLicense, 0, NULL, NULL, &hKey);


       // check access rights and proceed if the user has sufficient rigths

       BOOL fCanPrint = FALSE, fCanComment = FALSE;

       hr = IpcAccessCheck(hKey, IPC_GENERIC_PRINT, &fCanPrint);

       hr = IpcAccessCheck(hKey, IPC_GENERIC_COMMENT, &fCanComment);


       // decrypt the protected file if the user has the sufficient rights

       // if (fCanPrint & fCanComment)


         PCWSTR wszOutputDirectory = …;    // directory to output the decrypted file (e.g. temp directory)

         PCWSTR wszOutputFilePath = NULL;  // output parameter to return the path of the decrypted file

         hr = IpcfDecryptFile(wszInputFilePath, IPCF_DF_FLAG_OPEN_AS_RMS_AWARE, NULL, wszOutputDirectory, &wszOutputFilePath);


       // clean up





Bruce Perler on behalf of Dan Plastina

Comments (1)

  1. lptian says:


    The program which run by a domain user read permissions from file protected by policy of Windows azure right management service.

    code snippet

    byte[] licenseByte = SafeFileApiNativeMethods.IpcfGetSerializedLicenseFromFile("C:\test.docx");

    SafeInformationProtectionKeyHandle keyHandle= SafeNativeMethods.IpcGetKey(licenseByte , false, false, false);

    TemplateInfo template = SafeNativeMethods.IpcGetSerializedLicenseDescriptor(licenseByte , keyHandle, null);

    domain user: rmsuser1      online service

    when the second row is executed,a excepiton is thrown

    Microsoft.InformationProtectionAndControl.InformationProtectionException: You have not been granted the rights necessary to complete the specified operation. Contact the content owner for additional rights. HRESULT: 0x80040211

    How to resolve it,can you help me


Skip to main content