In the old daysback in the twentieth centurythe primary way that we got software onto our machines went something like this: Go to software store, buy a shrink-wrapped box containing disks, insert said disks into machine, install software. If that is the only way you put software on your machine, it is pretty hard to get a computer virus. Not impossible, but pretty hard.
That world is long gone; code in the twenty-first century is both highly mobile and highly componentized. Generally, "monolithic" applications such as Word and Excel now make extensive use of third-party components and store customized code behind documents. Many machines are constantly connected to the Internet, a worldwide network chock-full of evil hackers.
Ubiquitous networking and rich customization of everything from Web pages to spreadsheets are undoubtedly enabling technologies, but they come with the price of an enormous increase in the size of the "attack surface" available to malicious attackers. Anyone who has ever received a mass-mail virus e-mail or been infected by an Excel macro virus knows of what we speak!
Fortunately, the .NET Framework was designed from day one to provide tools to help mitigate the vulnerabilities inherent in modern software. This chapter starts with an overview of the .NET security system to explain some key concepts. Then the chapter takes a detailed look at how to use the .NET security system to keep yourself and your users productive while keeping attackers unproductive.
This discussion is especially relevant to VSTO because VSTO has the security model that no code is allowed to run by default. You will always have to configure the .NET security system to trust a VSTO customization or add-in you build before it will run on a user's machine.
Part One. An Introduction to VSTO
An Introduction to Office Programming
Introduction to Office Solutions
Part Two. Office Programming in .NET
Programming Excel
Working with Excel Events
Working with Excel Objects
Programming Word
Working with Word Events
Working with Word Objects
Programming Outlook
Working with Outlook Events
Working with Outlook Objects
Introduction to InfoPath
Part Three. Office Programming in VSTO
The VSTO Programming Model
Using Windows Forms in VSTO
Working with Actions Pane
Working with Smart Tags in VSTO
VSTO Data Programming
Server Data Scenarios
.NET Code Security
Deployment
Part Four. Advanced Office Programming
Working with XML in Excel
Working with XML in Word
Developing COM Add-Ins for Word and Excel
Creating Outlook Add-Ins with VSTO