/// <summary>
/// Constructor for Action class. Pass in AppInfo to simplify passing settings to AuthDelegate.
/// </summary>
/// <param name="appInfo"></param>
public Action(ApplicationInfo appInfo)
{
this.appInfo = appInfo;
// Initialize AuthDelegateImplementation using AppInfo.
authDelegate = new AuthDelegateImplementation(this.appInfo);
// Initialize SDK DLLs. If DLLs are missing or wrong type, this will throw an exception
MIP.Initialize(MipComponent.File);
// We must construct a service principal identity mail address as it can't be fetched from the token.
// Here, we set it to be [email protected], but the SDK will accept any properly formatted email address.
Identity id = new Identity(String.Format("{0}@{1}", appInfo.ApplicationId, tenant))
{
// DelegatedEmail = "*****@*****.**"
// Use this if you want the app to protect on behalf of a user.
// That user owns the protected content.
};
// Create profile.
profile = CreateFileProfile(appInfo, ref authDelegate);
// Create engine providing Identity from authDelegate to assist with service discovery.
engine = CreateFileEngine(id);
}
/// <summary>
/// Constructor FileApi object using clientId (from Azure AD), application friendly name, and ClaimsPrincipal representing the user
/// </summary>
/// <param name="clientId">Client is the Application ID displayed in the Azure AD App Registration Portal</param>
/// <param name="applicationName">The application friendly name</param>
/// <param name="claimsPrincipal">ClaimsPrincipal representing the authenticated user</param>
public FileApi(string clientId, string applicationName, string applicationVersion, ClaimsPrincipal claimsPrincipal)
{
// Store ApplicationInfo and ClaimsPrincipal for SDK operations.
appInfo = new ApplicationInfo()
{
ApplicationId = clientId,
ApplicationName = applicationName,
ApplicationVersion = applicationVersion
};
// Initialize new AuthDelegate providing the claimsprincipal.
_authDelegate = new AuthDelegateImplementation(claimsPrincipal);
// Set path to bins folder.
var path = Path.Combine(
Directory.GetParent(Path.GetDirectoryName(new Uri(System.Reflection.Assembly.GetExecutingAssembly().CodeBase).LocalPath)).FullName,
Environment.Is64BitProcess ? "bin\\x64" : "bin\\x86");
// Initialize MIP for File API.
MIP.Initialize(MipComponent.File, path);
// Call CreateFileProfile. Result is stored in global.
CreateFileProfile();
// Call CreateFileEngine, providing the user UPN, null client data, and locale.
CreateFileEngine(ClaimsPrincipal.Current.FindFirst(ClaimTypes.Upn).Value, "", "en-US");
}
/// <summary>
/// Constructor for Action class. Pass in AppInfo to simplify passing settings to AuthDelegate.
/// </summary>
/// <param name="appInfo"></param>
public Action(ApplicationInfo appInfo)
{
this.appInfo = appInfo;
// Initialize AuthDelegateImplementation using AppInfo.
authDelegate = new AuthDelegateImplementation(this.appInfo);
// Initialize SDK DLLs. If DLLs are missing or wrong type, this will throw an exception
try
{
MIP.Initialize(MipComponent.File);
// This method in AuthDelegateImplementation triggers auth against Graph so that we can get the user ID.
var id = authDelegate.GetUserIdentity();
// Create profile.
profile = CreateFileProfile(appInfo, ref authDelegate);
// Create engine providing Identity from authDelegate to assist with service discovery.
engine = CreateFileEngine(id);
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// Constructor FileApi object using clientId (from Azure AD), application friendly name, and ClaimsPrincipal representing the user
/// </summary>
/// <param name="clientId">Client is the Application ID displayed in the Azure AD App Registration Portal</param>
/// <param name="applicationName">The application friendly name</param>
/// <param name="claimsPrincipal">ClaimsPrincipal representing the authenticated user</param>
public FileApi(string clientId, string applicationName, string applicationVersion, ClaimsPrincipal claimsPrincipal)
{
try
{
// Store ApplicationInfo and ClaimsPrincipal for SDK operations.
_appInfo = new ApplicationInfo()
{
ApplicationId = clientId,
ApplicationName = applicationName,
ApplicationVersion = applicationVersion
};
// Initialize new AuthDelegate providing the claimsprincipal.
_authDelegate = new AuthDelegateImplementation(claimsPrincipal);
// Set path to bins folder.
var path = Path.Combine(
Directory.GetParent(Path.GetDirectoryName(new Uri(System.Reflection.Assembly.GetExecutingAssembly().CodeBase).LocalPath)).FullName, "bin");
// Initialize MIP for File API. Provide the path to the BIN folder. The NuGet package will copy the architecture specific libraries here.
MIP.Initialize(MipComponent.File, path);
// Call CreateFileProfile. Result is stored in global.
CreateFileProfile();
// Call CreateFileEngine, providing the user UPN, null client data, and locale.
CreateFileEngine(ClaimsPrincipal.Current.FindFirst(ClaimTypes.Upn).Value, "", "en-US");
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// Constructor for Action class. Pass in AppInfo to simplify passing settings to AuthDelegate.
/// </summary>
/// <param name="appInfo"></param>
public Action(ApplicationInfo appInfo)
{
this.appInfo = appInfo;
// Initialize AuthDelegateImplementation using AppInfo.
authDelegate = new AuthDelegateImplementation(this.appInfo);
// Initialize SDK DLLs. If DLLs are missing or wrong type, this will throw an exception
MIP.Initialize(MipComponent.File);
// This method in AuthDelegateImplementation triggers auth against Graph so that we can get the user ID.
//var id = authDelegate.GetUserIdentity();
// Prompt one time for a user identity.
// This identity is used for service discovery. If MDE SRV record isn't registered properly, we will default to AIP service.
Console.WriteLine("The Identity object provides hints on service discovery.");
Console.WriteLine("If MDE is properly configured, the mail suffix of the user will be used for discovery.");
Console.WriteLine("It will find the MDE record and use the on-prem AD RMS and ADFS for auth.");
Console.Write("Enter a user name, either email or UPN: ");
identity = new Identity(Console.ReadLine());
// Create profile.
profile = CreateFileProfile(appInfo, ref authDelegate);
// Create engine providing Identity from authDelegate to assist with service discovery.
engine = CreateFileEngine(identity);
}
/// <summary>
/// Creates an IFileProfile and returns.
/// IFileProfile is the root of all MIP SDK File API operations. Typically only one should be created per app.
/// </summary>
/// <param name="appInfo"></param>
/// <param name="authDelegate"></param>
/// <returns></returns>
private IFileProfile CreateFileProfile(ApplicationInfo appInfo, ref AuthDelegateImplementation authDelegate)
{
mipContext = MIP.CreateMipContext(appInfo, "mip_data", LogLevel.Trace, null, null);
// Initialize file profile settings to create/use local state.
var profileSettings = new FileProfileSettings(mipContext, CacheStorageType.OnDiskEncrypted, new ConsentDelegateImplementation());
// Use MIP.LoadFileProfileAsync() providing settings to create IFileProfile.
// IFileProfile is the root of all SDK operations for a given application.
var profile = Task.Run(async() => await MIP.LoadFileProfileAsync(profileSettings)).Result;
return(profile);
}
/// <summary>
/// Creates a new IFileProfile object and stores in private _fileProfile.
/// </summary>
private void CreateFileProfile()
{
try
{
var profileSettings = new FileProfileSettings(mipPath, false, _authDelegate, new ConsentDelegateImplementation(), _appInfo, LogLevel.Trace);
_fileProfile = Task.Run(async() => await MIP.LoadFileProfileAsync(profileSettings)).Result;
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// Creates a new IFileProfile object and stores in private _fileProfile.
/// </summary>
private void CreateFileProfile()
{
try
{
mipContext = MIP.CreateMipContext(appInfo, mipPath, LogLevel.Error, null, null);
var profileSettings = new FileProfileSettings(mipContext, CacheStorageType.OnDisk, new ConsentDelegateImplementation());
fileProfile = Task.Run(async() => await MIP.LoadFileProfileAsync(profileSettings)).Result;
}
catch (Exception ex)
{
throw ex;
}
}
private IProtectionProfile CreateProtectionProfile(ApplicationInfo appInfo, ref AuthDelegateImplementation authDelegate)
{
// Initialize MipContext
mipContext = MIP.CreateMipContext(appInfo, "mip_data", LogLevel.Trace, null, null);
// Initialize ProtectionProfileSettings
var profileSettings = new ProtectionProfileSettings(mipContext,
CacheStorageType.OnDisk,
new ConsentDelegateImplementation());
// Use MIP.LoadProtectionProfileAsync() providing settings to create IProtectionProfile
// IProtectionProfile is the root of all SDK operations for a given application
var profile = MIP.LoadProtectionProfile(profileSettings);
return(profile);
}
/// <summary>
/// Creates an IFileProfile and returns.
/// IFileProfile is the root of all MIP SDK File API operations. Typically only one should be created per app.
/// </summary>
/// <param name="appInfo"></param>
/// <param name="authDelegate"></param>
/// <returns></returns>
private IFileProfile CreateFileProfile(ApplicationInfo appInfo, ref AuthDelegateImplementation authDelegate)
{
try
{
// Initialize file profile settings to create/use local state.
var profileSettings = new FileProfileSettings("mip_data", false, authDelegate, new ConsentDelegateImplementation(), appInfo, LogLevel.Trace);
// Use MIP.LoadFileProfileAsync() providing settings to create IFileProfile.
// IFileProfile is the root of all SDK operations for a given application.
var profile = Task.Run(async() => await MIP.LoadFileProfileAsync(profileSettings)).Result;
return(profile);
}
catch (Exception ex)
{
throw ex;
}
}
static void Main(string[] args)
{
//Initialize Wrapper for File API operations
MIP.Initialize(MipComponent.File);
}
public ActionResult InvokeMIP()
{
string name = User.Identity.Name;
ClaimsPrincipal principal = ClaimsPrincipal.Current;
var tenantId = principal.FindFirst(c => c.Type == "http://schemas.microsoft.com/identity/claims/tenantid").Value;
// Set path to bins folder.
var path = Path.Combine(
Directory.GetParent(Path.GetDirectoryName(new Uri(System.Reflection.Assembly.GetExecutingAssembly().CodeBase).LocalPath)).FullName,
Environment.Is64BitProcess ? "bin\\x64" : "bin\\x86");
//Initialize Wrapper for File API operations
MIP.Initialize(MipComponent.File, path);
//Create ApplicationInfo, setting the clientID from Azure AD App Registration as the ApplicationId
ApplicationInfo appInfo = new ApplicationInfo()
{
ApplicationId = clientId,
ApplicationName = appName,
ApplicationVersion = appVersion
};
//Instatiate the AuthDelegateImpl object, passing in AppInfo.
AuthDelegateImplementation authDelegate = new AuthDelegateImplementation(appInfo, tenantId);
//Initialize and instantiate the File Profile
//Create the FileProfileSettings object
var profileSettings = new FileProfileSettings(mipPath, false, authDelegate, new ConsentDelegateImplementation(), appInfo, LogLevel.Trace);
//Load the Profile async and wait for the result
var fileProfile = Task.Run(async() => await MIP.LoadFileProfileAsync(profileSettings)).Result;
//Create a FileEngineSettings object, then use that to add an engine to the profile
var engineSettings = new FileEngineSettings(name, "", "en-US");
engineSettings.Identity = new Identity(name);
var fileEngine = Task.Run(async() => await fileProfile.AddEngineAsync(engineSettings)).Result;
// Just a test code to check if all the custom labels are populated or not
foreach (var label in fileEngine.SensitivityLabels)
{
string labelName = label.Name;
}
//Set paths and label ID. You can paas file input stream too
string filePath = Server.MapPath(@"~/App_Data/DemoAIPDoc.docx");
string outputFilePath = @"D:\Test2.docx";
var stream = System.IO.File.OpenRead(filePath);
//Create a file handler for that file
//Note: the 2nd inputFilePath is used to provide a human-readable content identifier for admin auditing.
var handler = Task.Run(async() => await fileEngine.CreateFileHandlerAsync(stream, filePath, true)).Result;
LabelingOptions labelingOptions = new LabelingOptions()
{
AssignmentMethod = AssignmentMethod.Privileged, //important as we are removing the label
IsDowngradeJustified = true,
JustificationMessage = "Lowering label"
};
//remove the label
handler.DeleteLabel(labelingOptions);
// Commit changes, save as outputFilePath. You can also generate output stream
var result = Task.Run(async() => await handler.CommitAsync(outputFilePath)).Result;
return(RedirectToAction("Index"));
}
