Trusting Office Solutions by Using Inclusion Lists (2007 System)

Applies to

The information in this topic applies only to the specified Visual Studio Tools for Office projects and versions of Microsoft Office.

Project type

  • Document-level projects

  • Application-level projects

Microsoft Office version

  • 2007 Microsoft Office system

For more information, see Features Available by Application and Project Type.

Inclusion lists enable users to grant trust to Visual Studio Tools for Office solutions that are signed with a certificate that identifies the publisher. Inclusion lists are user-specific, and they can be used for document-level customizations and application-level add-ins.

When a user starts a Visual Studio Tools for Office solution that has not been granted trust for that user, the Microsoft Office solution prompts the user for a security decision with a ClickOnce trust prompt. If the user decides to trust the solution, the customization runs and the user is not prompted again the next time the solution starts.

Structure of the Inclusion List

A valid inclusion list entry has two parts: a path to the deployment manifest, and the public key used to sign the solution. After a solution is added to the inclusion list, it is considered trusted. When the Office solution runs, the Office application compares the public key in the inclusion list with the signing key in the deployment manifest to verify that the solution that is currently running is the same as the original trusted version.
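The comparison described above can be modeled as follows. This is an added example, not Microsoft's implementation: the entry layout (a `path` and a `public_key` holding an `RSAKeyValue` string), the case-insensitive path match, and all sample keys and paths are assumptions constructed for illustration. It compares keys only and does not verify the manifest signature itself.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"  # W3C XML Signature namespace

def rsa_key(xml_text):
    """Return (modulus, exponent) from the first RSAKeyValue element, or None."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag in ("RSAKeyValue", DSIG + "RSAKeyValue"):
            # Strip namespaces and whitespace so equal keys compare equal.
            parts = {c.tag.split("}")[-1]: "".join((c.text or "").split()) for c in el}
            if parts.get("Modulus") and parts.get("Exponent"):
                return parts["Modulus"], parts["Exponent"]
    return None

def is_trusted(inclusion_list, manifest_path, manifest_xml):
    """True only if an entry exists for this path AND its key matches the manifest's."""
    signing_key = rsa_key(manifest_xml)
    if signing_key is None:
        return False  # unsigned manifest: no publisher key to compare
    for entry in inclusion_list:
        # Assumption: paths are compared case-insensitively.
        if entry["path"].lower() == manifest_path.lower():
            return rsa_key(entry["public_key"]) == signing_key
    return False  # no entry for this path: the user would be prompted

def sample_manifest(modulus):
    """Constructed deployment manifest fragment carrying a signing key."""
    return f"""<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1">
  <Signature xmlns="{DSIG[1:-1]}"><KeyInfo><KeyValue><RSAKeyValue>
    <Modulus>{modulus}</Modulus><Exponent>AQAB</Exponent>
  </RSAKeyValue></KeyValue></KeyInfo></Signature>
</asmv1:assembly>"""

# Constructed sample values, not real keys or paths.
KEY_A, KEY_B = "c2FtcGxlLWtleS1B", "c2FtcGxlLWtleS1C"
PATH = r"\\fileserver\deploy\ExpenseReport.vsto"
INCLUSION_LIST = [{
    "path": PATH,
    "public_key": f"<RSAKeyValue><Modulus>{KEY_A}</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>",
}]

if __name__ == "__main__":
    print(is_trusted(INCLUSION_LIST, PATH, sample_manifest(KEY_A)))  # original publisher key
    print(is_trusted(INCLUSION_LIST, PATH, sample_manifest(KEY_B)))  # same path, different key
```

A manifest at the trusted path that carries a different signing key is rejected, which is why an entry needs both parts.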

Modifying the Inclusion List Programmatically

If you want to add your solution to the inclusion list without prompting the user, you can add the solution programmatically. For more information about how to change the inclusion list, see How to: Add or Remove Inclusion List Entries (2007 System).

Modifying the inclusion list does not require administrator privileges.

ClickOnce Trust Prompt

By using the ClickOnce implementation in Visual Studio Tools for Office, administrators can configure the trust prompt level to allow prompting, disable prompting, or require a trusted certificate. This configuration is done by using a registry key that controls access to the inclusion list.

If prompting is disabled, only solutions that have a trusted and known certificate can be installed. If the prompting level is set to Authenticode required, the solution must be signed with a certificate from a known authority, but it does not require a certificate that chains to a trusted root authority (a trusted certificate). If prompting is allowed, the solution can be signed with a certificate whose identity is unknown. In this scenario, the trust decision is deferred to the end user, and a temporary certificate is sufficient to install a solution.

For more information, see How to: Configure Inclusion List Security (2007 System) and Table 2, titled Prompting Level Registry Key Value Launch Effects, in Configuring ClickOnce Trusted Publishers.

See Also

Tasks

How to: Add or Remove Inclusion List Entries (2007 System)

Concepts

Granting Trust to Office Solutions (2007 System)

Security in Office Solutions (2007 System)