
Post on 17-Jan-2016


DEV391

Security and Deployment of Office Solutions Built with Visual Studio .NET

Eric Carter, Lead Developer, Visual Studio, Microsoft Corporation

Agenda

Introduction

Policy, Permissions and Evidence

Security Model

Deployment Options

Wrap-Up

Introduction

Visual Studio Tools for Office

Adds Word and Excel solutions to Visual Studio 2003

Focus on document-centric solutions

Does not replace VBA

Same development model

Different security and deployment

Policy

Policies help us make decisions

Governments - Foreign Policy

Retailers - Exchange & Returns Policy

Parents - Bedtime Policy :-)

More than just technical measures

The “human factor”

Holistic approach

Security Policy is a tool to help us protect assets

Office Security Policy

No code runs by default

Code may execute once it is explicitly trusted

Once trusted, code has all the permissions of the current user

No exceptions!

Office Policy in Effect

demo

Permissions and Evidence

Permissions grant access to things

Evidence makes claims about things

Conditions tie them together:

To have P, you must prove C

To prove C, you must present E

Note:

Permissions may have unintended consequences

Evidence may not be trustworthy

Permissions and Evidence

demo

“Bob” and “Betty”: The Bank

Bank: Hello, how can I help you?

Bob: I’d like to withdraw $500 from my account, please

Bank: I need to see some ID, please

Bob: Sure…

Bank: Sorry, that is not good enough. Do you have anything else?

Bob: Sure…

Bank: Great, here’s your $500

Bob: Thanks!

Bank: Have a nice day!

Mapping to the CLR

Permissions grant access to things

Evidence makes claims about things

Conditions tie them together:

To access the registry, code must be “installed”

To be “installed”, code must come from the MyComputer Zone

Often expressed in reverse:

If code comes from http://MyServer/, it is partially trusted

If code is partially trusted, it can display UI and store temporary files

Office Specifics

Office solutions built with the Visual Studio Tools require FullTrust

FullTrust: All possible permissions

Office does not honour default MyComputer Zone evidence

Just like Bob’s hand-written note

Therefore, you need stronger evidence:

Location

Publisher or Strongname

Hash

Trusting Documents

Local documents trusted by default

Network documents must be trusted before they can host code

Code must also be trusted!

Traditional evidence unsuitable

Documents not easily “signed”

Little control over content on shares

OfficeDocumentMembershipCondition used to trust documents on shares

Office provides evidence for documents

Policy Recommendations

Trust a Publisher or Strongname within a Zone or specific location

See Contoso example at end of deck

Do…

Err on the side of caution

Plan for future projects

Don’t…

Trust generic folders like C:\ or “My Documents”

Run as Administrator :-)

Setting up Policy

demo

Deployment Models

Document and assembly on client

Non-admin installs

Complete offline support

Hard to maintain / upgrade

Document and assembly on server

Easy maintenance

Admin-only installs

No offline ability

Mixed model (recommended)

Document on client, assembly on server

Good compromise between the two

Offline Support

Office supports basic off-line scenarios

Assembly is managed by the IE cache

Users must connect to the network at least once to cache assembly

Only HTTP locations are supported

UNC shares are not cached

User code must deal with offline state

For example, no access to web services

Deploying Solutions

Developers can set “Assembly Link Location” in Visual Studio

Typically, code will be passed to an Administrator for signing / publishing

Administrators use Persistence Control to update references

Sample script in documentation

Documents can be e-mailed or published independently of code

Deploying Policy

Client machines must be updated before any Office solutions can run

Ref: “Office Security Policy” :-)

Several options for deployment:

Manual changes by end users

Logon scripts / setup programs

Group Policy / SMS

If you follow the guidelines, policy should only need updating infrequently
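The two-level code group that the policy recommendations above describe (trust a strong name only within a specific location), written as a caspol.exe script that an administrator can run once or push through a logon script, as an added example that is not part of the original deck and is not its Contoso example. The server URL http://MyServer/Solutions/, the build-share path, the assembly name MySolution.dll and the code-group names are assumptions; the caspol options are those of the .NET Framework 1.1 tool.

```batch
@echo off
rem Added example, not from the deck: machine-level .NET 1.1 code-access-security
rem policy that grants FullTrust to one publisher's strong name, and only when
rem the assembly is loaded from one HTTP location.
rem Assumed (placeholder) values: the server URL, the drop path and the group names.
rem Run as an administrator; caspol.exe ships in the v1.1.4322 Framework folder.

set CASPOL=%WINDIR%\Microsoft.NET\Framework\v1.1.4322\caspol.exe
set LOCATION=http://MyServer/Solutions/*
set SIGNED_ASSEMBLY=\\BuildServer\Drops\MySolution.dll

rem Suppress the confirmation prompt so this can run from a logon script or
rem setup program; it is switched back on at the end.
"%CASPOL%" -polchgprompt off

rem Outer group: URL membership condition, directly under the machine-level
rem root (label 1., All_Code). It grants Nothing on purpose. Within a policy
rem level the grants of every matching group are unioned, so a location group
rem that granted FullTrust would trust every assembly under that URL, signed
rem or not. Its only job is to gate the child group below.
"%CASPOL%" -machine -addgroup 1. -url "%LOCATION%" Nothing ^
    -name "MyServer Location" -description "Code published to the solutions folder"

rem Inner group: strong-name condition taken from a signed assembly's public
rem key. -noname -noversion means "any assembly signed with this key", so
rem future projects signed with the same key need no policy change.
rem Children are evaluated only when the parent matches, so FullTrust is
rem granted only to code that is BOTH at the location AND signed by this key.
"%CASPOL%" -machine -addgroup "MyServer Location" ^
    -strong -file "%SIGNED_ASSEMBLY%" -noname -noversion FullTrust ^
    -name "MyServer StrongName" -description "Assemblies signed with our key"

rem Show the resulting tree so the nesting can be checked before the script
rem is pushed to clients.
"%CASPOL%" -machine -listgroups

"%CASPOL%" -polchgprompt on
```

The same pair of groups can be scoped to a zone instead of a URL by replacing the `-url` condition with `-zone Intranet`. Machine-level changes need administrator rights, which is why the deck routes them through logon scripts, setup programs or Group Policy rather than the end user; a user-level group (`-user`) would be editable by the user, and therefore by anything running as the user. When checking the result, note that `caspol -machine -resolveperm` run against a local copy of the assembly reports the MyComputer-zone grant that, per the deck, Office does not honour, so confirm the tree with `-listgroups` rather than trusting that number.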

Deploying Solutions

demo

Summary

Office is secure by default

Planning your policy is key

Initial deployment may be tricky

The payoff is in ongoing maintenance

VBA is still there if you need it

Don’t run as Admin :-)

Q & A

Community Resources

MSDN Office Developer Centre:

http://msdn.microsoft.com/office/

Newsgroups:

For VS Tools-specific issues, use microsoft.public.vsnet.vstools.office

For Excel-specific issues, use microsoft.public.excel.programming

For Word-specific issues, use microsoft.public.word.vba.general

For .NET security-specific issues, use microsoft.public.dotnet.security

Community Resources

http://www.microsoft.com/communities/default.mspx

Most Valuable Professional (MVP)
http://www.mvp.support.microsoft.com/

Newsgroups
Converse online with Microsoft Newsgroups, including Worldwide
http://www.microsoft.com/communities/newsgroups/default.mspx

User Groups
Meet and learn with your peers
http://www.microsoft.com/communities/usergroups/default.mspx

Evaluations

© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
