Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Visual Studio.NET / VS Tools for Office / May 2006

Tip: Looking for answers? Try searching our database.

VSTO 2005 Excel document - permission problems

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
urs.eichmann@gmail.com - 24 May 2006 09:24 GMT
Hello,
I have deployed our VSTO 2005 Excel application to a network share
using the publish wizard, and also gave full trust to the network share
location on every client computer.

Now, the people using this Excel document like to do the following
things:
- Save the document to arbitrary locations, such as the local "My
Documents" folder or to a network share on one of many file servers in
the company
- Send the document per e-Mail to other users within the company

If they save the document to either the local hard disk or to the same
network share as the application was originally distributed, it is ok.
However, if they choose to save it elsewhere or to e-mail it to a
fellow coworker, they get the following exception when opening the
document:
The customization does not have the required permissions to execute.

************** Exception Text **************
System.Security.SecurityException: The customization does not have the
required permissions to execute.
  at
Microsoft.VisualStudio.Tools.Applications.Runtime.AppDomainManagerInternal.HandleOnlineOffline(Exception
e, String basePath, String filePath)
  at
(...)

I generally want that the documents can be saved anywhere (within the
company's file servers) and also be sent via e-mail. How can that be
achieved? (I'm aware that I could switch off .NET security altogether,
but that is not an option).

What I do not understand: The .NET Assemblies are saved in the original
network share location and are being loaded from there, even if the
document is saved elsewhere. So the location where the .NET assemblies
are is still trusted. Why is there still an exception being thrown?

Thanks for any help
Urs
Reply to this Message
Harry Miller [MSFT] - 24 May 2006 16:16 GMT
Security is often hard to diagnose from a distance, but I'll offer some
speculation :-)

The document needs full trust too, before it will run the assembly. If the
user saves the document to a normal folder on his or her own computer, it
gets full trust automatically. But if the user opens a document that is
attached to an e-mail message, the document runs in Internet zone and does
not have full trust. The user can easily work around that by saving the
document somewhere like the desktop or My Documents, and then opening the
saved copy.

If the user opens a document that is on a network share that has not been
granted full trust explicitly, the document does not have full trust and
won't run the code. It's not usually good to grant full trust to any network
share where users might want to run documents, in case malicious code gets
put there and receives the trust automatically. But there might be a way
that you could grant full trust to documents on network shares, without
granting full trust to all code. Have a look at this topic in the
documentation and see if could use msosec.dll:
http://msdn2.microsoft.com/en-us/library/9w6bd8f1(VS.80).aspx

Signature

Harry Miller
This posting is provided "AS IS" with no warranties, and confers no rights.

> Hello,
> I have deployed our VSTO 2005 Excel application to a network share
[quoted text clipped - 19 lines]
> required permissions to execute.
>    at

Microsoft.VisualStudio.Tools.Applications.Runtime.AppDomainManagerInternal.H
andleOnlineOffline(Exception
> e, String basePath, String filePath)
>    at
[quoted text clipped - 12 lines]
> Thanks for any help
> Urs
Reply to this Message
urs.eichmann@gmail.com - 29 May 2006 08:15 GMT
Thanks Harry for this suggestion. However, as far as I can see you
still have to specify specific network share folders when you implement
the procedures suggested in this document. Also, they say that adding
msosec.dll to the security policy will have a negative effect on the
performance of all managed applications :-(

Seems like we have to live with these restrictions... I already wonder
how I can explain this to my clients...

best regards,
Urs
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.