Windows.Security.EnterpriseData namespace

Applies to Windows only

Contains classes that support Selective Wipe.

Members

The Windows.Security.EnterpriseData namespace has these types of members:

Classes

The Windows.Security.EnterpriseData namespace has these classes.

ClassDescription
FileRevocationManager Provides access to Selective Wipe operations.

 

Enumerations

The Windows.Security.EnterpriseData namespace has these enumerations.

EnumerationDescription
FileProtectionStatus Describes the selective wipe protection state of a file or folder.

 

Remarks

You can use selective wipe to identify protected files in your app that can be revoked when a user of your app is no longer authorized to your app data. This is a common scenario for businesses that allow employees to bring their own device to work. When the employee leaves the company, the company files on their personal device can be removed.

For example, an employee brings their personal tablet computer to the office and uses it for business e-mails. The e-mail app can protect all files that are used to store company e-mails locally on the computer using Selective Wipe. This associates those files with the company using an enterprise identifier, such as "sample.com". If the user is no longer an employee of the company, then the next time that they open the company e-mail app, the app can determine that the user is no longer an employee and tell Selective Wipe to revoke access to all files protected for their enterprise identifier. When the app attempts to access a file and determines that it is revoked, the app can then delete the file.


ApplicationData appRootFolder = ApplicationData.Current;
string enterpriseIdentity = "example.com";
int AccessDeniedHResult = -2147024891;  // Access Denied (0x80070005)



// Add a folder and protect it using Selective Wipe.
private async Task<StorageFolder> AddFolder(string folderName)
{
    StorageFolder newFolder = await appRootFolder.LocalFolder.CreateFolderAsync(folderName);

    var status = await ProtectItem(newFolder, enterpriseIdentity);

    return newFolder;
}

// Add a file and protect it using Selective Wipe.
private async Task<StorageFile> AddFile(string fileName, StorageFolder folder)
{
    StorageFile newFile = await folder.CreateFileAsync(fileName);

    var status = 
        await Windows.Security.EnterpriseData.FileRevocationManager.
            GetStatusAsync(newFile);

    if (status != Windows.Security.EnterpriseData.FileProtectionStatus.Protected)
    {
        status = await ProtectItem(newFile, enterpriseIdentity);
    }

    return newFile;
}

private async Task<Windows.Security.EnterpriseData.FileProtectionStatus> 
    ProtectItem(IStorageItem item, string enterpriseIdentity)
{
    var status = 
        await Windows.Security.EnterpriseData.FileRevocationManager.
            ProtectAsync(item, enterpriseIdentity);

    return status;
}



private async Task<IRandomAccessStream> GetFileContents(string filePath)
{
    IRandomAccessStream stream = null;
    StorageFile file = null;

    try
    {
        file = await StorageFile.GetFileFromPathAsync(filePath);
        stream = await file.OpenReadAsync();
    }
    catch (UnauthorizedAccessException e)
    {
        if (e.HResult == AccessDeniedHResult)
        {
            // Delete file if it has been revoked.
            SelectiveWipeCleanup(file);
        }

        return null;
    }

    return stream;
}

// Delete items revoked by Selective Wipe.
private async void SelectiveWipeCleanup(StorageFile file)
{
    var status = await Windows.Security.EnterpriseData.FileRevocationManager.GetStatusAsync(file);
    if (status == Windows.Security.EnterpriseData.FileProtectionStatus.Revoked)
    {
        await file.DeleteAsync();
    }
}



var appRootFolder = Windows.Storage.ApplicationData.current;
var enterpriseIdentity = "example.com";
var accessDeniedHResult = -2147024891;  // Access Denied (0x80070005)



// Add a folder and protect it using Selective Wipe.
function addFolder(folderName) {
    appRootFolder.localFolder.createFolderAsync(folderName).then(
        function (newFolder) {
            protectItem(newFolder);
        });
}

// Add a file and protect it using Selective Wipe.
function addFile(fileName, folder) {
    folder.createFileAsync(fileName).then(
        function (newFile) {
            Windows.Security.EnterpriseData.
                FileRevocationManager.getStatusAsync(newFile).then(
                    function (status) {
                        if (status != Windows.Security.EnterpriseData.
                                FileProtectionStatus.Protected) {
                            protectItem(newFile, enterpriseIdentity);
                        }
                    });
        },
        function (err) {
            // Handle error. For example, file already exists.
        });
}

function protectItem(item, enterpriseIdentity) {
    Windows.Security.EnterpriseData.FileRevocationManager.
        protectAsync(item, enterpriseIdentity).then(
            function (status) {
                return status;
            });
}



function getFileContents(filePath) {
    var stream;
    var file;

    Windows.Storage.StorageFile.getFileFromPathAsync(filePath).then(
        function (f) {
            file = f;
            file.openReadAsync().then(
                function (s) {
                    stream = s;
                    return stream;
                },
                function (err) {
                    if (err.number == accessDeniedHResult) {
                        // Delete file if it has been revoked.
                        selectiveWipeCleanup(file);
                    }
                });
        });

    return null;
}

// Delete items revoked by Selective Wipe.
function selectiveWipeCleanup(file) {
    Windows.Security.EnterpriseData.FileRevocationManager.
        getStatusAsync(file).then(
            function (status) {
                if (status == 
                    Windows.Security.EnterpriseData.FileProtectionStatus.revoked) {
                        file.deleteAsync();
                }
        });

}



function initializeApp(userName) {
    if (getUserStatus(userName) == "Not Found") {
        Windows.Security.EnterpriseData.FileRevocationManager.revoke(enterpriseIdentity);
    }
}


Requirements

Minimum supported client

Windows 8

Minimum supported server

Windows Server 2012

Minimum supported phone

None supported

Namespace

Windows.Security.EnterpriseData
Windows::Security::EnterpriseData [C++]

Metadata

Windows.winmd

 

 

Show:
© 2014 Microsoft