ADO Security Warnings in InfoPath

[rasx]

Dear InfoPath Team:

When I open an InfoPath form connected to a SQL Server database via an
Office Data Connection (ODC) I get annoying security warning messages. The
assumption here is that the ADO 2.8 security settings are NOT configurable by
developers. It appears the a solution is to explore signing forms or “fully
trusting†forms—or using a web service (preferably with ADO.NET datasets—an
implied recommendation based on a recent InfoPath webcast). I even saw posts
in the InfoPath MSDN discussion group about this matter but only sketches
about setting Internet Explorer security levels were suggested by someone not
from Microsoft.

Please see the images attached to the Blog entry version of this post to
view the error messages:

http://spaces.msn.com/members/rasx/Blog/cns!1ptAuj6tD_zAu_dIRM-HCKaA!134.entry

 

[rasx]

Maybe it’s a late-night glitch at MSDN.com but I cannot find anything on the
InfoPath SDK. I feel like I am incorrectly blaming myself for this oversight.
In the meantime, I am resorting to Google’s cache to pull up “Understanding
Fully Trusted Forms†that cannot be found at MSDN:

“For a form to be used, InfoPath must be able to access the form template
that the form is based on. When you create a form template, InfoPath creates
an entry in the form definition (.xsf) file that contains the URL of the
location of the form template. A URL-based form is said to be sandboxed: When
a user fills it out, the form is placed in a local cache and denied access to
system resources. This type of form inherits its permissions from the domain
in which it is opened…However, you can modify a form so that it is based on a
Uniform Resource Name (URN) instead, allowing access to system resources.
Forms of this type are said to be fully trusted.â€

This article goes on to explain how to use REGFORM.EXE to mark a form fully
trusted in the context of formalized maintenance and deployment. Since I am
just trying to open one form on one machine for informal use without annoying
ADO security warnings this is my simplified version:

* Locate REGFORM.EXE. I found my copy under %ProgramFiles%\Microsoft
Office 2003 Developer Resources\Microsoft Office InfoPath 2003
SDK\Tools\regform.exe.

* Run REGFORM.EXE MyForm.xsn to generate a Jscript file that will
perform the full trust operation (and make a backup file of the original XSN
file).

* Run the Jscript file using CSCRIPT.

For a brutally honest overview of the InfoPath security “model,†see
“InfoPath SP1 Security†on David Fries' WebLog. I will continue to look for
InfoPath SDK documentation on MSDN. I still think it’s my fault. I can’t
imagine professional developers pulling documentation without explanation and
not even announcing it on at least one Blog.

 

[Brian Teutsch [MSFT]]

It's very much online.
http://msdn.microsoft.com/office/understanding/infopath/devdocs/default.aspx

Brian