DEV391 Security and Deployment of Office Solutions Built with Visual Studio .NET Eric Carter Lead Developer Visual Studio Microsoft Corporation


Agenda

Introduction

Policy, Permissions and Evidence

Security Model

Deployment Options

Wrap-Up


Introduction

Visual Studio Tools for Office

Adds Word and Excel solutions to Visual Studio 2003

Focus on document-centric solutions

Does not replace VBA

Same development model

Different security and deployment


Policy

Policies help us make decisions

Governments - Foreign Policy

Retailers - Exchange & Returns Policy

Parents - Bedtime Policy :-)

More than just technical measures

The “human factor”

Holistic approach

Security Policy is a tool to help us protect assets


Office Security Policy

No code runs by default

Code may execute once it is explicitly trusted

Once trusted, code has all the permissions of the current user

No exceptions!


Office Policy in Effect

demo


Permissions and Evidence

Permissions grant access to things

Evidence makes claims about things

Conditions tie them together:

To have P, you must prove C

To prove C, you must present E

Note:

Permissions may have unintended consequences

Evidence may not be trustworthy


Permissions and Evidence

demo

“Bob” and “Betty”

The Bank


Hello, how can I help you?

I’d like to withdraw $500 from my account, please

I need to see some ID, please

Sure…


Sorry, that is not good enough. Do you have anything else?

Sure…


Great, here’s your $500

Thanks!

Have a nice day!


Mapping to the CLR

Permissions grant access to things

Evidence makes claims about things

Conditions tie them together:

To access the registry, code must be “installed”

To be “installed”, code must come from the MyComputer Zone

Often expressed in reverse:

If code comes from http://MyServer/, it is partially trusted

If code is partially trusted, it can display UI and store temporary files


Office Specifics

Office solutions built with the Visual Studio Tools require FullTrust

FullTrust: All possible permissions

Office does not honour default MyComputer Zone evidence

Just like Bob’s hand-written note

Therefore, you need stronger evidence

Location

Publisher or Strongname

Hash


Trusting Documents

Local documents trusted by default

Network documents must be trusted before they can host code

Code must also be trusted!

Traditional evidence unsuitable

Documents not easily “signed”

Little control over content on shares

OfficeDocumentMembershipCondition used to trust documents on shares

Office provides evidence for documents


Policy Recommendations

Trust a Publisher or Strongname within a Zone or specific location

See Contoso example at end of deck

Do…

Err on the side of caution

Plan for future projects

Don’t…

Trust generic folders like C:\ or “My Documents”

Run as Administrator :-)
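
Added example (not from the original deck): a simplified Python model of a single CLR policy level, showing why "a Strongname within a specific location" is stricter than trusting a generic folder. The server path http://myserver/apps/, the key placeholder and every class and function name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

Evidence = Dict[str, str]            # claims about an assembly, e.g. url, strong_name
KEY = "CONSTRUCTED-PUBLIC-KEY"       # placeholder, not a real strong-name key

@dataclass
class CodeGroup:
    name: str
    condition: Callable[[Evidence], bool]    # membership condition (C)
    permissions: Set[str]                    # permission set (P)
    children: List["CodeGroup"] = field(default_factory=list)

    def resolve(self, evidence: Evidence) -> Set[str]:
        """Union of the permission sets of every matching group in the tree."""
        if not self.condition(evidence):
            return set()                     # children are never consulted
        granted = set(self.permissions)
        for child in self.children:
            granted |= child.resolve(evidence)
        return granted

def url_under(prefix: str) -> Callable[[Evidence], bool]:
    return lambda e: e.get("url", "").lower().startswith(prefix.lower())

def signed_with(key: str) -> Callable[[Evidence], bool]:
    return lambda e: e.get("strong_name") == key

# Recommended: the location group grants nothing; only its strong-name child
# grants FullTrust, so both pieces of evidence are required.
recommended = CodeGroup("All_Code", lambda e: True, set(), [
    CodeGroup("DeployServer", url_under("http://myserver/apps/"), set(), [
        CodeGroup("OurKey", signed_with(KEY), {"FullTrust"})])])

# The "Don't": a generic folder trusted on location evidence alone.
too_broad = CodeGroup("All_Code", lambda e: True, set(), [
    CodeGroup("WholeDrive", url_under("file:///c:/"), {"FullTrust"})])

def is_fully_trusted(policy: CodeGroup, evidence: Evidence) -> bool:
    return "FullTrust" in policy.resolve(evidence)

if __name__ == "__main__":
    samples = {                              # constructed evidence, for illustration
        "signed, on server": {"url": "http://MyServer/apps/Expense.dll", "strong_name": KEY},
        "unsigned, on server": {"url": "http://MyServer/apps/Other.dll"},
        "signed, elsewhere": {"url": "http://other/Expense.dll", "strong_name": KEY},
        "dropped on C:": {"url": "file:///C:/Temp/unknown.dll"},
    }
    for label, ev in samples.items():
        print(label, is_fully_trusted(recommended, ev), is_fully_trusted(too_broad, ev))
```

The real CLR also intersects the grants of the Enterprise, Machine and User levels; this model covers one level only.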


Setting up Policy

demo


Deployment Models

Document and assembly on client

Non-admin installs

Complete offline support

Hard to maintain / upgrade

Document and assembly on server

Easy maintenance

Admin-only installs

No offline ability

Mixed model (recommended)

Document on client, assembly on server

Good compromise between the two


Offline Support

Office supports basic off-line scenarios

Assembly is managed by the IE cache

Users must connect to the network at least once to cache assembly

Only HTTP locations are supported

UNC shares are not cached

User code must deal with offline state

For example, no access to web services


Deploying Solutions

Developers can set “Assembly Link Location” in Visual Studio

Typically, code will be passed to an Administrator for signing / publishing

Administrators use Persistence Control to update references

Sample script in documentation

Documents can be e-mailed or published independently of code


Deploying Policy

Client machines must be updated before any Office solutions can run

Ref: “Office Security Policy” :-)

Several options for deployment:

Manual changes by end users

Logon scripts / setup programs

Group Policy / SMS

If you follow the guidelines, policy should only need updating infrequently


Deploying Solutions

demo


Summary

Office is secure by default

Planning your policy is key

Initial deploying may be tricky

The payoff is in ongoing maintenance

VBA is still there if you need it

Don’t run as Admin :-)


Q & A


Community Resources

MSDN Office Developer Centre:

http://msdn.microsoft.com/office/

Newsgroups:

For VS Tools-specific issues, use microsoft.public.vsnet.vstools.office

For Excel-specific issues, use microsoft.public.excel.programming

For Word-specific issues, use microsoft.public.word.vba.general

For .NET security-specific issues, use microsoft.public.dotnet.security


Community Resources

http://www.microsoft.com/communities/default.mspx

Most Valuable Professional (MVP)

http://www.mvp.support.microsoft.com/

Newsgroups

Converse online with Microsoft Newsgroups, including Worldwide

http://www.microsoft.com/communities/newsgroups/default.mspx

User Groups

Meet and learn with your peers

http://www.microsoft.com/communities/usergroups/default.mspx


© 2003 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
