The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

Walkthrough: Granting and Removing Permissions for an Office Solution

Note Required applications

The features in this topic are available only if you have the required applications installed.

For more information, see Features Available by Product Combination.

  • One of these development environments:

    VSTO 2005


    Visual Studio Team System

  • Microsoft Office 2003

This walkthrough demonstrates the basics of security in Microsoft Visual Studio 2005 Tools for the Microsoft Office System.

During this walkthrough, you will learn how to:

  • Remove the default security setting.

  • Add a new set of permissions.

  • Test your project.

To complete this walkthrough, you will need:

  • Visual Studio Tools for Office.

  • Microsoft Office Excel 2003.

In this step, you will create an Excel Workbook project.

To create a new project

Visual Studio opens the new Excel workbook in the designer and adds the My Security Test project to Solution Explorer.

In this step, you will add a message box to an initialization event of the worksheet.

To add a message box to an initialization event

  1. Verify that the My Security Test.xls workbook is open in the Visual Studio designer, with Sheet1 displayed.

  2. In Solution Explorer, right-click Sheet1.vb or Sheet1.cs, and then click View Code on the shortcut menu.

  3. Add the following code to the Startup method inside class Sheet1 to show a message box during initialization.

    private void Sheet1_Startup(object sender, System.EventArgs e)
        MessageBox.Show("Security settings are correct.");
  4. On the File menu, click Save All.

  5. In the Save Project dialog box, type C:\Walkthroughs in the Location box.

  6. Click Save.

  7. Press F5 to run the project.

    Excel starts and the message box appears.

  8. Close the message box.

  9. Close Excel.

  10. In the Visual Studio designer, find and select the tab for My Security Test.xls.

  11. Close My Security Test.xls (the Excel worksheet design surface) in the Visual Studio designer.

    You must close all open instances of Excel before you can change the security policy.

When you built the Excel Workbook project, the wizard added a new security code group and a child code group to the Runtime Security Policy at the User level.

Next, you will remove the code group that the wizard created.

Find and remove the default code group that was created.

To remove a code group

  1. In Control Panel, open Administrative Tools.

  2. Run Microsoft .NET Framework 2.0 Configuration.

  3. In the tree view on the left side, expand .NET Framework 2.0 Configuration, expand My Computer, expand Runtime Security Policy, expand User, expand Code Groups, expand All_Code, and then expand VSTOProjects.

    There is a GUID for each project you have created. Expand each GUID to see the path to the associated document.

  4. Right-click the GUID for C:\Walkthroughs\My Security Test\My Security Test\bin\My Security Test.xls code group, and then click Delete in the shortcut menu.

    A dialog box appears, asking if you are sure you want to delete this code group.

  5. Click Yes.

  6. Go back to Visual Studio, and then press F5 to run the My Security Test project.

    An error message appears stating that the current .NET security policy does not permit the customization to run.

  7. Click OK.

  8. Close Excel.

The assembly cannot run if it does not have explicit permission in the Microsoft .NET security policy.

Next, grant permission to the assembly using a strong name instead of a URL for evidence.

A strong name is generally more secure than a URL as evidence. You will create and assign a strong name to the assembly in the next steps.

To create a strong name

  1. On the Project menu in Visual Studio, click My Security Test Properties.

  2. Click the Signing tab.

  3. Select Sign the assembly.

  4. In the Choose a strong name key file list, click New.

  5. In the Create Strong Name Key dialog box, type SecurityTestKey in the Key file name box.

  6. Clear the Protect my key file with a password check box.

  7. Click OK.

    The key file SecurityTestKey.snk appears in Solution Explorer.

  8. On the Build menu, click Build Solution to build the assembly against the strong name key pair.


It is important that you keep the key file safe. Normally you should protect it with a password, and you should also take steps to prevent unauthorized people from gaining access to it. The key file is the basis for many trust decisions. Give the key file only to people who you think are trustworthy and responsible. If a malicious user gets your key file and discovers the password, that person can create malicious assemblies that look like you wrote them.

Now add a new code group to grant full trust to the assembly based on the strong name.

To grant trust based on strong name

  1. Open Microsoft .NET Framework 2.0 Configuration again.

  2. Right-click the VSTOProjects node, and then click New on the shortcut menu.

  3. Enter the name Security Test Strong Name for the new code group, and then click Next.

  4. In the Choose the condition type for this code group list, click Strong Name.

  5. Click Import.

  6. Browse to C:\Walkthroughs\My Security Test\My Security Test\bin\My Security Test.dll for Visual Basic or C:\Walkthroughs\My Security Test\My Security Test\bin\debug\My Security Test.dll for C#, and then click Open.

  7. Click Next.

  8. Click Next to accept the FullTrust permission set, and then click Finish.

  9. Close Microsoft .NET Framework 2.0 Configuration.

Now you can test your workbook to make sure that your code runs when the workbook is opened.

To test your workbook

  1. Press F5 to run your project.

  2. Confirm that the message box appears.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft