Skip to main content

Document Protection

  • 5 minutes to read

Restrict Document Modification

You can restrict document modification using the Document.Protect method. This method sets the password, and specifies actions allowed for the protected document (the DocumentProtectionType enumeration values). The Document.IsDocumentProtected property indicates whether content modification protection is enabled.

If you want to protect only parts of the document, separate the document into sections and protect specific sections. To protect a section, set the ProtectedForForms property to true. For more information on sections, refer to the following topic: Sections.

Use the Document.Unprotect method to disable protection. Note that it unlocks the document without a password request. To prompt the user to enter a password, execute the UnprotectDocumentCommand command.


The RichEditDocumentServer protection affects only the document modification.

Open and Save Password-Encrypted Files

The RichEditDocumentServer allows you to load and save password-encrypted files.

Open an Encrypted File

Specify the RichEditDocumentImportOptions.EncryptionPassword property to decrypt a loaded file. The table below lists a chain of events raised if the EncryptionPassword property is not specified or returns an invalid password.

Event Description
RichEditDocumentServer.EncryptedFilePasswordRequested Raised if the EncryptionPassword property is not specified or returns an invalid password. Use the EncryptedFilePasswordRequestedEventArgs.Password property to specify a new password.
RichEditDocumentServer.EncryptedFilePasswordCheckFailed Raised if the EncryptedFilePasswordRequestedEventArgs.Password is set to an empty or invalid password. Handle this event to obtain the error that led to this event (Error) and determine whether to prompt a user for a password (TryAgain).
RichEditDocumentServer.DecryptionFailed Raised if the TryAgain property is not specified or set to false, or when the RichEditDocumentServer failed to load an encrypted file. The Exception property indicates the exception that led to this event.

The code sample below shows how to handle the RichEditDocumentServer.EncryptedFilePasswordRequested and RichEditDocumentServer.EncryptedFilePasswordCheckFailed events to prompt users to enter a password. If the user cancels the operation, the RichEditDocumentServer shows an exception message and cancels loading the file.

View Example

static bool IsValid { get; set; }

static void Main(string[] args)
    RichEditDocumentServer server = new RichEditDocumentServer();
    server.EncryptedFilePasswordRequested += Server_EncryptedFilePasswordRequested;
    server.EncryptedFilePasswordCheckFailed += Server_EncryptedFilePasswordCheckFailed;
    server.DecryptionFailed += Server_DecryptionFailed;


private static void Server_EncryptedFilePasswordRequested(object sender, EncryptedFilePasswordRequestedEventArgs e)
    //Prompt the user to enter the password
    Console.WriteLine("Enter password:");
    e.Password = Console.ReadLine();
    e.Handled = true;

private static void Server_EncryptedFilePasswordCheckFailed(object sender, EncryptedFilePasswordCheckFailedEventArgs e)
    //Analyze the password error:
    switch (e.Error)
        //If the password is empty, raise the request again
        case RichEditDecryptionError.PasswordRequired:
            Console.WriteLine("You did not enter the password!");
            e.TryAgain = true;
            e.Handled = true;
        //If the password is invalid, ask user whether to continue the operation:
        case RichEditDecryptionError.WrongPassword:
            Console.WriteLine("The password is incorrect. Try Again? (y/n)");
            string answer = Console.ReadLine()?.ToLower();
            if (answer == "y")
                e.TryAgain = true;
                e.Handled = true;
            //If user cancels the operation, show an exception message:
                IsValid = false;

private static void Server_DecryptionFailed(object sender, DecryptionFailedEventArgs e)
    Console.WriteLine(e.Exception.Message.ToString()+" Press any key to close...");

The RichEditDocumentServer.EncryptedFileIntegrityCheckFailed event occurs if the document did not pass the code verification.

Encrypt a Document with a Password

Use the Document.Encryption property to obtain the encryption options.

server.Document.Encryption.Type = DevExpress.XtraRichEdit.API.Native.EncryptionType.Strong;
server.Document.Encryption.Password = "12345";  

Call the RichEditDocumentServer.SaveDocument(String, DocumentFormat, EncryptionSettings) method overload to password-protect the document on save. Use the EncryptionSettings object properties to specify password and protection type.

EncryptionSettings encryptionSettings = new EncryptionSettings();
encryptionSettings.Type = EncryptionType.Strong;
encryptionSettings.Password = "12345";

server.SaveDocument("EncryptedFile.docx", DocumentFormat.OpenXml, encryptionSettings);

Grant Permission to Users

Create Range Permissions as described in the steps below to allow certain users to edit parts of a protected document.

  1. Call the SubDocument.BeginUpdateRangePermissions method to access the document range permissions collection.
  2. Create a new RangePermission object using the RangePermissionCollection.CreateRangePermission method.

  3. Utilize the RangePermission.UserName or RangePermission.Group property to specify the user or group of users that are allowed to edit the document range

    Make sure that the property value is equal to the target user’s credentials.

  4. Add the created object to the RangePermissionCollection.

  5. Finalize the modification by calling the SubDocument.EndUpdateRangePermissions method.

  6. Enable document protection. When protection is enabled, ranges without editing permissions are read-only.

    View Example

    server.LoadDocument("Documents//Grimm.docx", DocumentFormat.OpenXml);
    Document document = server.Document;
    // Protect document range
    RangePermissionCollection rangePermissions = document.BeginUpdateRangePermissions();
    RangePermission rp = rangePermissions.CreateRangePermission(document.Paragraphs[3].Range);
    rp.Group = "Administrators";
    rp.UserName = "";
    // Enforce protection and set password.