Deploying Policy to User Machines
Conclusion
That was a lot of information; security administration can be complex. The key takeaways from this chapter include the following:
- VSTO customization code will not run under the "out-of-the-box" security policy. Some additional policy must be applied that allows customizations to run. Choose your enterprise's security policies carefully.
- The AppDomain policy level will not consider zone-based evidence for the customization assembly.
- Both the customization and the document location must be fully trusted; there is no partial-trust scenario for calling the Word and Excel object models.
- Strong names and publisher certificates use similar technology but solve slightly different problems. It is possible to use both forms of evidence in the same assembly.
- A document that is opened from an intranet or Internet location must have additional policy to trust the document location; this policy is created using the Office Document Membership Condition.