File​Revocation​Manager File​Revocation​Manager File​Revocation​Manager Class

Definition

Note

FileRevocationManager may be unavailable for releases after Windows 10. Instead, use FileProtectionManager.

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Provides access to Selective Wipe operations.

public static class FileRevocationManagerpublic static class FileRevocationManagerPublic Static Class FileRevocationManager
Attributes
Windows 10 requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)

Methods

CopyProtectionAsync(IStorageItem, IStorageItem) CopyProtectionAsync(IStorageItem, IStorageItem) CopyProtectionAsync(IStorageItem, IStorageItem)

Note

FileRevocationManager may be unavailable for releases after Windows 10. Instead, use FileProtectionManager.

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Copy the selective wipe protection state of a file or folder to a new file or folder.

public static IAsyncOperation<bool> CopyProtectionAsync(IStorageItem sourceStorageItem, IStorageItem targetStorageItem)public static IAsyncOperation<bool> CopyProtectionAsync(IStorageItem sourceStorageItem, IStorageItem targetStorageItem)Public Static Function CopyProtectionAsync(sourceStorageItem As IStorageItem, targetStorageItem As IStorageItem) As IAsyncOperation( Of bool )
Parameters
sourceStorageItem
IStorageItem IStorageItem IStorageItem

The source item to copy the selective wipe protection status from.

targetStorageItem
IStorageItem IStorageItem IStorageItem

The target item to copy the selective wipe protection status to.

Returns

True if the copy operation was successful; otherwise false.

Attributes

Remarks

If you save a new copy of a file as the result of a "save as" operation, the selective wipe protection status is not copied with the file. To protect the file, you must call the CopyProtectionAsync method to copy the existing protection status to the new file. If you copy a protected file using the CopyAsync or CopyAndReplaceAsync methods, the selective wipe protection status is copied with the file and you do not need to call the CopyProtectionAsync method.

public async Task<bool> CopyFile(StorageFile file, StorageFolder newFolder) 
{
    bool result = false;

    try
    {
        var newFile = await file.CopyAsync(newFolder);
        result = await 
            Windows.Security.EnterpriseData.FileRevocationManager.
            CopyProtectionAsync(file, newFile);
        }
    catch (Exception e) 
    {
        // Handle exception. For example, copy already exists.
    }

    return result;
}
function copyFile(file, newFolder) {
    file.copyAsync(newFolder).then(
        function (newFile) {
            Windows.Security.EnterpriseData.FileRevocationManager.
                copyProtectionAsync(file, newFile);
        },
        function (err) {
            // Handle error. For example, copy already exists.
        });
}

The CopyProtectionAsync method requires exclusive access to the file or folder being encrypted, and will fail if another process is using has a handle open to the file or folder.

See Also

GetStatusAsync(IStorageItem) GetStatusAsync(IStorageItem) GetStatusAsync(IStorageItem)

Note

FileRevocationManager may be unavailable for releases after Windows 10. Instead, use FileProtectionManager.

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Gets the selective wipe protection status for a file or folder.

public static IAsyncOperation<FileProtectionStatus> GetStatusAsync(IStorageItem storageItem)public static IAsyncOperation<FileProtectionStatus> GetStatusAsync(IStorageItem storageItem)Public Static Function GetStatusAsync(storageItem As IStorageItem) As IAsyncOperation( Of FileProtectionStatus )
Parameters
storageItem
IStorageItem IStorageItem IStorageItem

The file or folder to get the selective wipe protection status for.

Returns

An aysnchronous operation that retrieves the selective wipe protection status for the storageItem.

Attributes

Remarks

You can use the GetStatusAsync method to determine the Selective Wipe protection status of a file or folder. This will tell you if a file is protected or not, if a file is protected by another user on the computer, and so on. A common use of the GetStatusAsync method is to determine when a protected file should be deleted. For example, when a protected file is revoked, an attempt to access the file contents will result in an "Access is denied" exception. When you encounter that exception, you can use the GetStatusAsync method to determine if the file has been revoked by Selective Wipe and then delete the file if it has, as shown in the following example.

ApplicationData appRootFolder = ApplicationData.Current;
string enterpriseIdentity = "example.com";
int AccessDeniedHResult = -2147024891;  // Access Denied (0x80070005)
private async Task<IRandomAccessStream> GetFileContents(string filePath)
{
    IRandomAccessStream stream = null;
    StorageFile file = null;

    try
    {
        file = await StorageFile.GetFileFromPathAsync(filePath);
        stream = await file.OpenReadAsync();
    }
    catch (UnauthorizedAccessException e)
    {
        if (e.HResult == AccessDeniedHResult)
        {
            // Delete file if it has been revoked.
            SelectiveWipeCleanup(file);
        }

        return null;
    }

    return stream;
}

// Delete items revoked by Selective Wipe.
private async void SelectiveWipeCleanup(StorageFile file)
{
    var status = await Windows.Security.EnterpriseData.FileRevocationManager.GetStatusAsync(file);
    if (status == Windows.Security.EnterpriseData.FileProtectionStatus.Revoked)
    {
        await file.DeleteAsync();
    }
}
var appRootFolder = Windows.Storage.ApplicationData.current;
var enterpriseIdentity = "example.com";
var accessDeniedHResult = -2147024891;  // Access Denied (0x80070005)
function getFileContents(filePath) {
    var stream;
    var file;

    Windows.Storage.StorageFile.getFileFromPathAsync(filePath).then(
        function (f) {
            file = f;
            file.openReadAsync().then(
                function (s) {
                    stream = s;
                    return stream;
                },
                function (err) {
                    if (err.number == accessDeniedHResult) {
                        // Delete file if it has been revoked.
                        selectiveWipeCleanup(file);
                    }
                });
        });

    return null;
}

// Delete items revoked by Selective Wipe.
function selectiveWipeCleanup(file) {
    Windows.Security.EnterpriseData.FileRevocationManager.
        getStatusAsync(file).then(
            function (status) {
                if (status == 
                    Windows.Security.EnterpriseData.FileProtectionStatus.revoked) {
                        file.deleteAsync();
                }
        });

}
See Also

ProtectAsync(IStorageItem, String) ProtectAsync(IStorageItem, String) ProtectAsync(IStorageItem, String)

Note

FileRevocationManager may be unavailable for releases after Windows 10. Instead, use FileProtectionManager.

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Protects a file or folder for selective wipe.

public static IAsyncOperation<FileProtectionStatus> ProtectAsync(IStorageItem storageItem, String enterpriseIdentity)public static IAsyncOperation<FileProtectionStatus> ProtectAsync(IStorageItem storageItem, String enterpriseIdentity)Public Static Function ProtectAsync(storageItem As IStorageItem, enterpriseIdentity As String) As IAsyncOperation( Of FileProtectionStatus )
Parameters
storageItem
IStorageItem IStorageItem IStorageItem

The file or folder to protect for selective wipe.

enterpriseIdentity
System.String System.String System.String

The enterprise id that the file or folder is protected for. The enterpriseIdentity value must be formatted as an Internationalized Domain Name (IDN) and cannot contain spaces. For example, contoso.com.

Returns

An asynchronous operation that retrieves the selective wipe protection status for the storageItem.

Attributes

Remarks

You can use the ProtectAsync method to protect a file or folder using Selective Wipe. This identifies the file as protected for your enterprise identifier, such as "example.com", as shown in the previous code example. If you protect a folder using the ProtectAsync method, then all files in that folder inherit the same protection.

ApplicationData appRootFolder = ApplicationData.Current;
string enterpriseIdentity = "example.com";
int AccessDeniedHResult = -2147024891;  // Access Denied (0x80070005)
// Add a folder and protect it using Selective Wipe.
private async Task<StorageFolder> AddFolder(string folderName)
{
    StorageFolder newFolder = await appRootFolder.LocalFolder.CreateFolderAsync(folderName);

    var status = await ProtectItem(newFolder, enterpriseIdentity);

    return newFolder;
}

// Add a file and protect it using Selective Wipe.
private async Task<StorageFile> AddFile(string fileName, StorageFolder folder)
{
    StorageFile newFile = await folder.CreateFileAsync(fileName);

    var status = 
        await Windows.Security.EnterpriseData.FileRevocationManager.
            GetStatusAsync(newFile);

    if (status != Windows.Security.EnterpriseData.FileProtectionStatus.Protected)
    {
        status = await ProtectItem(newFile, enterpriseIdentity);
    }

    return newFile;
}

private async Task<Windows.Security.EnterpriseData.FileProtectionStatus> 
    ProtectItem(IStorageItem item, string enterpriseIdentity)
{
    var status = 
        await Windows.Security.EnterpriseData.FileRevocationManager.
            ProtectAsync(item, enterpriseIdentity);

    return status;
}
var appRootFolder = Windows.Storage.ApplicationData.current;
var enterpriseIdentity = "example.com";
var accessDeniedHResult = -2147024891;  // Access Denied (0x80070005)
// Add a folder and protect it using Selective Wipe.
function addFolder(folderName) {
    appRootFolder.localFolder.createFolderAsync(folderName).then(
        function (newFolder) {
            protectItem(newFolder);
        });
}

// Add a file and protect it using Selective Wipe.
function addFile(fileName, folder) {
    folder.createFileAsync(fileName).then(
        function (newFile) {
            Windows.Security.EnterpriseData.
                FileRevocationManager.getStatusAsync(newFile).then(
                    function (status) {
                        if (status != Windows.Security.EnterpriseData.
                                FileProtectionStatus.Protected) {
                            protectItem(newFile, enterpriseIdentity);
                        }
                    });
        },
        function (err) {
            // Handle error. For example, file already exists.
        });
}

function protectItem(item, enterpriseIdentity) {
    Windows.Security.EnterpriseData.FileRevocationManager.
        protectAsync(item, enterpriseIdentity).then(
            function (status) {
                return status;
            });
}

The ProtectAsync method requires exclusive access to the file or folder being encrypted, and will fail if another process is using has a handle open to the file or folder.

See Also

Revoke(String) Revoke(String) Revoke(String)

Note

FileRevocationManager may be unavailable for releases after Windows 10. Instead, use FileProtectionManager.

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Revokes all files and folders protected for selective wipe for a specified enterprise id.

public static void Revoke(String enterpriseIdentity)public static void Revoke(String enterpriseIdentity)Public Static Function Revoke(enterpriseIdentity As String) As void
Parameters
enterpriseIdentity
System.String System.String System.String

Revoke all files and folders protected by selective wipe for this enterprise id. The enterpriseIdentity value must be formatted as an Internationalized Domain Name (IDN) and cannot contain spaces. For example, contoso.com.

Attributes

Remarks

When your app determines that a user is no longer valid, you can quickly revoke access to all of the files and folders protected for an enterprise identity using the Revoke method, as shown in the following example. The file is not deleted by the Revoke method. The Revoke method puts the file into state where it cannot be accessed. You can add code to your app to delete a file that is inaccessible and has been revoked.

See Also

See Also