To read the previous blog posts on the subject, please see:
- Creating and Deploying Managed COM Add-ins with VSTO 2005 SE – Part I
- Creating and Deploying Managed COM Add-ins with VSTO 2005 SE – Part II
- Creating and Deploying Managed COM Add-ins with VSTO 2005 SE – Part III
- Creating and Deploying Managed COM Add-ins with VSTO 2005 SE – Part IV
- Creating and Deploying Managed COM Add-ins with VSTO 2005 SE – Part V
The hard part – Code Access Security Policy
Code Access Security (CAS) is the most difficult and the most challenging part of creating workable VSTO setups. It’s also the most confusing part of .NET, especially for those of us who come from a pure VBA environment. I’m the first to admit that writing this post is also difficult due to the subject.
In order to fully understand it we need to have deeper knowledge about:
- .NET Framework,
- .NET Framework’s security model,
- VSTO’s security model,
- How to work with different kinds of manifests, and
- How to work with the available tools to create and control the security part of setups.
This blog post only covers CAS as part of the setups for managed COM Add-ins created with VSTO. For obvious reasons it’s not possible to cover it all, so the blog post should be considered an introduction to VSTO’s security. Compared with workbook-level solutions (workbooks and templates), the security aspect for managed COM Add-ins is, in my opinion, less complex.
For a general introduction about CAS please see the following online resources:
- Understanding .NET Code Access Security
- Code Access Security (CAS) and Design Pattern
- Managing .NET Code Access Security (CAS) Policy
As for VSTO’s security model, there is one important aspect that we need to be aware of:
- Whenever a VSTO customization is loaded it must be granted ‘full trust’.
When we create a new VSTO project on the development machine, the project gets the CAS status of ‘full trust’. This means that the project will run as expected on the development machine without any restrictions, which is fine.
In view of the above, and the fact that we use a lot of wizards on the .NET platform, I wonder why the creation of basic CAS policy setups has not yet been implemented as part of the ‘wizard’ when creating VSTO projects.
In my opinion that would be an excellent solution and it would also make it more possible to create VSTO’s setups that work.
For a general introduction to VSTO’s security please see Security in Office Solutions. The article Security Requirements to Run Office Solutions gives a good picture of the requirements.
As for the series VSTO Case project we can grant security trust to it in the following ways:
- Using the .NET Framework 2.0 Configuration tool, with which we can configure a CAS policy. The CAS policy can be installed either standalone or as part of a VSTO setup. This is typically used within corporations that have a high degree of control over the target machines, i.e. the configuration of the target computers is identical.
- Creating batch scripts in which caspol.exe is used to change the security policy. This is also a typical corporate approach.
- Creating our own CAS policy project from scratch in VB.NET or C#.
- Adding the SetSecurity project from the VSTO2005 Windows Installer Sample, which is available online, to the project.
The section “Walkthrough: Enhancing the Outlook Add-in Setup Project” in the article Deploying Visual Studio 2005 Tools for Office Solutions Using Windows Installer: Walkthroughs (Part 2 of 2) gives the necessary details to create a working CAS setup.
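One way to write the caspol.exe batch script mentioned in the list above, as an added example that is not code from this series or from Microsoft’s sample. The install folder, DLL name and code group name are assumptions, and the script must be run as an administrator because it changes machine-level policy.

```batch
@echo off
setlocal

rem Assumed values: adjust to the real install location and naming.
set "CASPOL=%WINDIR%\Microsoft.NET\Framework\v2.0.50727\caspol.exe"
set "ADDIN_DLL=%ProgramFiles%\VSTOCase\VSTOCase.dll"
set "GROUP=VSTOCase"

if not exist "%CASPOL%" goto :no_caspol
if not exist "%ADDIN_DLL%" goto :no_addin

rem Remove an earlier copy of the code group so that reruns of the
rem script do not stack duplicate groups. A failure here only means
rem the group did not exist yet, so the result is ignored.
"%CASPOL%" -q -m -rg "%GROUP%" >nul 2>&1

rem Grant FullTrust to this single assembly only. A folder-wide URL
rem such as "...\VSTOCase\*" would also give full trust to any other
rem DLL that is later placed in that folder.
"%CASPOL%" -q -m -ag All_Code -url "%ADDIN_DLL%" FullTrust -n "%GROUP%" -d "Code group for VSTOCase"
if errorlevel 1 goto :failed

rem Verify: list the machine-level code groups the assembly matches.
"%CASPOL%" -m -rsg "%ADDIN_DLL%"
exit /b 0

:no_caspol
echo caspol.exe for .NET Framework 2.0 was not found. 1>&2
exit /b 1

:no_addin
echo The add-in assembly was not found. 1>&2
exit /b 2

:failed
echo caspol.exe could not add the code group. 1>&2
exit /b 3
```

An uninstall script only needs the same -rg line to remove the code group again.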
The following are the details for the VSTO Case:
A screenshot of the project in the Solution Explorer when the SetSecurity project has been added:
The following screenshot shows the Custom Actions Editor where we add the wanted Action Data:
The following string (added in one line) is added to the property CustomActionData of the Install method:
/solutionCodeGroupDescription="Code group for VSTOCase"
/assemblyCodeGroupDescription="Code group for VSTOCase" /allUsers=[ALLUSERS]
The following string is added to the property CustomActionData of the Rollback method:
The following string is added to the property CustomActionData of the Uninstall method:
In the next blog post in the series I will end the case study. Meanwhile I would like to see MSFT update the articles referred to here as soon as possible to also include Office 2007.
Finally, if You’re looking for an introduction for developing VSTO solutions then Creating Office Solutions in Visual Studio may be a good place to start with.