Code Access Security

This applied to Visual Studio 2005.
In Visual Studio 2008 this was replaced with Inclusion Lists


One of the key security design principals of VSTO is that it is secure by default which means no code is allowed to run unless it has been given explicit permissions
You always have to instruct the .NET security model to trust your VSTO customisation or add-in before it will run on a users machine.


End users can change their macro settings for their Office applications or you can use Code Access Security (CAS) to do this for them.


These security measures make deployment more complex than VBA solutions because you must grant permissions to assemblies that you deploy.


When you deploy your add-in the add-in assembly and all references assemblies must be given full trust in the security policy for each end user.



The Microsoft Office object models (Excel and Word) have no way of partially trusting code.
These object models were designed to always be called by code that was fully trusted.
Therefore when a VSTO customisation assembly is loaded it must be granted full trust otherwise it wont run.


Code Access security prevents unauthorised access to protected resources and operations.
Code Access security can be used to do the following:

  • restrict what your code can do

  • restrict which code can call your code

  • identify code


Every time an assembly is loaded the code access security model determines what permission set should be granted to that assembly.


Code access security uses code groups to manage permissions


CAS determines whether code is safe to run based on criteria such as the location of the code, whether the code is signed and the permissions that have been set by the administrator.
For a solution to run you must set the Code Access Security policy.
There are two ways to do this:
1) Using the caspol.exe command line utility.
2) Using the .NET Configuration Tool


Neither the Publish Wizard or the Setup projects will set the security policy for you automatically or check that the client machine is set up correctly.


Code Groups

A code group is way of identifying code based on a specific condition.
For example you might have:

  • a code group representing all code from a particular website

  • a code group representing all code that has a particular strong name

  • a code group representing just a specific assembly


There are several built-in code groups
Zones describe where the code comes from.

  • My_Computer_Zone -

  • LocalIntranet_Zone -

  • Internet_Zone -


Evidence

Evidence determines whether the code belongs to a particular code group.

  • Types of evidence

  • Site -

  • Strong Name -

  • Zone -

  • URL - evidence most commonly used by VSTO

  • Certificates -


This is a configurable set of rules that determine what permissions to grant to code.
The permissions that a particular assembly receives is the intersection of the permission sets allowed by these three policies
Within a policy level, the permission is granted to an assembly is (usually) the least-restrictive union of all the applicable code groups.
Each policy level is represented by a hierarchical structure of code groups.
Every code group has a membership condition that determines which code is a member of that group.
A named permission set is also associated with each code group
This permission set specifies the run-time permissions allowed when the membership condition is satisfies


There are four different policy levels and each level has its own code groups and permission sets


The set of permissions that an assembly receives is determined by the intersection of the permission sets


  • Enterprise - all managed code in an enterprise setting

  • Machine - all managed code on the computer

  • User - all managed code in all processes associated with the current user

  • Application - (or Application Domain) all managed code in the hosts application domain. This level can strengthen the overall security policy by requiring more stringent evidence than the other 3 policy levels.


SetSecurity Project

This project just calls the caspsol tool and grants full trust to your solution assembly.
This project is extremely useful when you are deploying VSTO add-ins.


Creates a new Code Group on the Install method
Removes this code group on the RollBack and Uninstall methods
This code group must be unique


Download a copy and paste it into your solution folder.
Right mouse click on solution and select (Add > Existing Project)


1) Add the primary output
Right mouse click on the Setup project and select
(Add > Project Output)
Select "SetSecurity" and "Primary Output", click OK


2) Create Custom Actions for the Install
Right mouse click on the Setup project and select
(View > Custom Actions)
In the Custom Actions editor, click on Install
Right click and select "Add Custom Action"
Click on Application Folder and select "Primary output for SetSecurity (Active)"
click OK
CustomAction property
SS - code


3) Create the Custom Action for the Rollback
In the Custom Actions editor, click on Rollback
Right click and select "Add Custom Action"
Click on Application Folder and select "Primary output for SetSecurity (Active)"
click OK
CustomAction property
SS - code


3) Create the Custom Action for the Uninstall
In the Custom Actions editor, click on Rollback
Right click and select "Add Custom Action"
Click on Application Folder and select "Primary output for SetSecurity (Active)"
click OK
CustomAction property
SS - code



© 2020 Better Solutions Limited. All Rights Reserved. © 2020 Better Solutions Limited TopPrevNext