Walkthrough: Granting and Removing Permissions for an Office Solution (2003 System)

Applies to

The information in this topic applies only to the specified Visual Studio Tools for Office projects and versions of Microsoft Office.

Project type

  • Document-level projects

  • Application-level projects

Microsoft Office version

  • Microsoft Office 2003

For more information, see Features Available by Application and Project Type.

This walkthrough demonstrates the basics of security in Visual Studio Tools for Office.

This walkthrough illustrates the following tasks:

  • Removing the default security setting.

  • Adding a new set of permissions.


You need the following components to complete this walkthrough:

  • Visual Studio Tools for Office (an optional component of Visual Studio 2008 Professional and Visual Studio Team System).

  • Microsoft Office Excel 2003.

Creating the Project

In this step, create an Excel Workbook project.

To create a new project

  • Create an Excel Workbook project with the name My Security Test, using the project template for Office 2003.

    The steps in this walkthrough assume that you save the project to C:\Walkthroughs. In the wizard, select Create a new document. For more information, see How to: Create Visual Studio Tools for Office Projects.

Visual Studio opens the new Excel workbook in the designer and adds the My Security Test project to Solution Explorer.

Adding Code Behind the Worksheet

The project needs some code that you can run to test whether the security is set correctly. For this walkthrough, add a message box to an initialization event of the worksheet.

To add a message box to an initialization event

  1. Verify that the My Security Test.xls workbook is open in the Visual Studio designer, with Sheet1 displayed.

  2. In Solution Explorer, right-click Sheet1.vb or Sheet1.cs, and then click View Code on the shortcut menu.

  3. Add the following code to the Startup method inside class Sheet1 to show a message box during initialization.

    Private Sub Sheet1_Startup(ByVal sender As Object, ByVal e As System.EventArgs) _
        Handles Me.Startup
        MessageBox.Show("Security settings are correct.")
    End Sub
    private void Sheet1_Startup(object sender, System.EventArgs e)
        MessageBox.Show("Security settings are correct.");
  4. Press F5 to run the project.

    Excel starts and the message box appears.

  5. Close the message box.

  6. Close Excel.

  7. In the Visual Studio designer, find and select the tab for My Security Test.xls.

  8. Close My Security Test.xls (the Excel worksheet design surface) in the Visual Studio designer.

    You must close all open instances of Excel before you can change the security policy.

When you built the Excel Workbook project, the wizard added a new security code group and a child code group to the security policy at the User level.

Next, remove the code group that the wizard created.

Removing the Default Code Group

Find and remove the default code group that was created.

To remove a code group

  1. In Control Panel, open Administrative Tools.

  2. Run Microsoft .NET Framework 2.0 Configuration.

    The Microsoft .NET Framework 2.0 Configuration tool is not included with Visual Studio 2008. You can install it as part of the .NET Framework 2.0 Software Development Kit, which is available at the Microsoft Download Center. For an example, see .NET Framework 2.0 Software Development Kit (SDK) (x86).

  3. In the tree view panel, expand .NET Framework 2.0 Configuration, expand My Computer, expand Runtime Security Policy, expand User, expand Code Groups, expand All_Code, and then expand VSTOProjects.

    There is a GUID for each project you have created. Expand each GUID to see the path to the associated document.

  4. Right-click the GUID for the C:\Walkthroughs\My Security Test\My Security Test\bin\My Security Test.xls code group, and then click Delete on the shortcut menu.

    A dialog box appears, asking if you are sure you want to delete this code group.

  5. Click Yes.

  6. Go back to Visual Studio, and then press F5 to run the My Security Test project.

    An error message appears stating that the current .NET security policy does not permit the customization to run.

  7. Click OK.

  8. Close Excel.

The assembly cannot run if it does not have explicit permission in the Microsoft .NET Framework security policy.

Next, grant permission to the assembly using a strong name instead of a URL for evidence.

Giving a Strong Name to the Assembly

A strong name is generally more secure than a URL as evidence. You can create a strong name and assign it to the assembly in Visual Studio.

To create a strong name

  1. On the Project menu in Visual Studio, click My Security Test Properties.

  2. Click the Signing tab.

  3. Select Sign the assembly.

  4. In the Choose a strong name key file list, click New.

  5. In the Create Strong Name Key dialog box, type SecurityTestKey in the Key file name box.

  6. Clear the Protect my key file with a password check box.

  7. Click OK.

    The key file SecurityTestKey.snk appears in Solution Explorer.

  8. On the Build menu, click Build Solution to build the assembly against the strong name key pair.


It is important that you keep the key file safe. Generally, you should protect it with a password, and you should also take steps to prevent unauthorized people from gaining access to it. The key file is the basis for many trust decisions. Give the key file only to people who you think are trustworthy and responsible. If a malicious user gets your key file and discovers the password, that person can create malicious assemblies that look like you wrote them.

Granting Trust Based on Strong Name

Now add a new code group to grant full trust to the assembly based on the strong name.

To grant trust based on strong name

  1. Open Microsoft .NET Framework 2.0 Configuration again.

  2. Right-click the VSTOProjects node, and then click New on the shortcut menu.

  3. Type the name Security Test Strong Name for the new code group, and then click Next.

  4. In the Choose the condition type for this code group list, click Strong Name.

  5. Click Import.

  6. Browse to C:\Walkthroughs\My Security Test\My Security Test\bin\My Security Test.dll for Visual Basic or C:\Walkthroughs\My Security Test\My Security Test\bin\debug\My Security Test.dll for C#, and then click Open.

  7. Click Next.

  8. Click Next to accept the FullTrust permission set, and then click Finish.

  9. Close Microsoft .NET Framework 2.0 Configuration.

Testing the Application

Now you can test your project to ensure that your code runs when the workbook is opened.

To test your workbook

  1. Press F5 to run your project.

  2. Confirm that the message box appears.

See Also


How to: Grant Permissions to Folders and Assemblies (2003 System)

How to: Remove Permissions from Folders and Assemblies (2003 System)


Security Requirements to Run Office Solutions (2003 System)

Best Practices for Security in Office Solutions (2003 System)

Other Resources

Security in Office Solutions (2003 System)