Add-ins and security

[Alex]

Hello,

I have a couple of questions.

1) Strong naming:

My C# add-in uses a COM DLL.
Visual Studio generated a wrapper for it and put the following into the "references" of the project:

<Reference
Name = "MyHelperLib"
Guid = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
VersionMajor = "1"
VersionMinor = "0"
Lcid = "0"
WrapperTool = "tlbimp"
/>

Unfortunately, I see no way to assign a strong name to the wrapper so I cannot strong-name the assembly.

Is there a solution?


2) Trusted directory:

The highest security setting of Word 2003 only allows add-ins and templates from "trusted" directories.

How do I make the directory into which my add-in is installed trusted?


Thank you.

Best wishes,
Alex.

 

[Peter Huang [MSFT]]

Hi

1) It seems that you want a PIA.
Generating Primary Interop Assemblies
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpcongeneratingprimaryinteropassemblies.asp

2)I think you need to make a COM Shim
Isolating Office Extensions with the COM Shim Wizard
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dno2k3ta/ht
ml/ODC_Office_COM_Shim_Wizards.asp
There are two particular reasons why you should use a COM shim¡ªeither the
built-in COM shim provided by the Visual Studio Tools for Office loader or
a custom COM shim¡ªfor your managed Office extensions:

Security. If you set the Office macro security level to High (or Very High
in Office 2003), as is recommended, then Office examines the DLLs it loads
for digital signatures. When you deploy a managed extension, the DLL that
Office examines for signatures is always Mscoree.dll. This is the .NET
common language runtime (CLR) engine, which in turn loads your custom
managed extension DLL. The problem is that you cannot digitally sign
Mscoree.dll. Therefore, you need to interpose a COM shim DLL, which you can
sign, as the first DLL that Office examines for signatures.
Isolation. If you do not use a standard COM shim (such as the Visual Studio
Tools for Office loader) or provide your own custom COM shim, your
extension DLL loads into the default application domain along with all
other un-shimmed extensions. All DLLs running in the same application
domain are vulnerable to potential damage caused by any other DLL in the
same application domain. Also, any un-shimmed add-in that crashes in a host
application disables all other un-shimmed add-ins for that application.


Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Alex]

Hello Peter,

1) It seems that you want a PIA.

Yes, it seems that we do. Thank you!

2) I think you need to make a COM Shim

We already have a strong-named shim.
Works fine at the "high" setting of Word 2003 but not at the "very high" setting, which is what I was asking about.


Best wishes,
Alex.

 

[Peter Huang [MSFT]]

Hi

Here are two KB article for your reference.
Macros and add-ins do not run when security is set to High in PowerPoint
2003, in PowerPoint 2002, in Word 2003 and in Word 2002
http://support.microsoft.com/default.aspx?scid=KB;[LN];285514

If the Very High macro security setting is turned on and the "Trust all
installed add-ins and templates" check box is not selected, the macro will
not run, even from a trusted location. Add-ins can be installed in any
location, not just trusted locations. Under these circumstances, add-ins
also will not run. If a macro tries to run under these circumstances, you
receive the following message:
827725 Description of the Very High security setting in Office 2003
http://support.microsoft.com/?id=827725

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Peter Huang [MSFT]]

Hi

Did my suggestion help you?
If you still have any concern, please feel free to post here.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Alex]

Hello Peter,

Did my suggestion help you?
If you still have any concern, please feel free to post here.

We are proceeding according to your suggestions.

However, we hit another issue: our add-in uses a template.
Can I strong-name a template? How?


Best wishes,
Alex.

 

[Peter Huang [MSFT]]

Hi

What do you mean by "Template" in an Addin?
Do you mean a *.dot word template file, and you want to run the VBA Code in
the dot file?
Very High Trust all installed add-ins and templates Result
ON ON Macros will run only from trusted locations.
If so I think you need to put it in the trusted location per the KB in the
last post.


Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.