DEV391 Security and Deployment of Office Solutions Built with Visual Studio.NET Eric Carter Lead...
DEV391
Security and Deployment of Office Solutions Built with Visual Studio .NET
Eric Carter
Lead Developer
Visual Studio
Microsoft Corporation
Agenda
Introduction
Policy, Permissions and Evidence
Security Model
Deployment Options
Wrap-Up
Introduction
Visual Studio Tools for Office
Adds Word and Excel solutions to Visual Studio 2003
Focus on document-centric solutions
Does not replace VBA
Same development model
Different security and deployment
Policy
Policies help us make decisions
Governments - Foreign Policy
Retailers - Exchange & Returns Policy
Parents - Bedtime Policy :-)
More than just technical measures
The “human factor”
Holistic approach
Security Policy is a tool to help us protect assets
Office Security Policy
No code runs by default
Code may execute once it is explicitly trusted
Once trusted, code has all the permissions of the current user
No exceptions!
Office Policy in Effect
demo
Permissions and Evidence
Permissions grant access to things
Evidence makes claims about things
Conditions tie them together:
To have P, you must prove C
To prove C, you must present E
Note:
Permissions may have unintended consequences
Evidence may not be trustworthy
Permissions and Evidence
demo
“Bob” and “Betty”
The Bank
Hello, how can I help you?
I’d like to withdraw $500 from my account, please
I need to see some ID, please
Sure…
Sorry, that is not good enough. Do you have anything else?
Sure…
Great, here’s your $500
Thanks!
Have a nice day!
Mapping to the CLR
Permissions grant access to things
Evidence makes claims about things
Conditions tie them together:
To access the registry, code must be “installed”
To be “installed”, code must come from the MyComputer Zone
Often expressed in reverse:
If code comes from http://MyServer/, it is partially trusted
If code is partially trusted, it can display UI and store temporary files
Office Specifics
Office solutions built with the Visual Studio Tools require FullTrust
FullTrust: All possible permissions
Office does not honour default MyComputer Zone evidence
Just like Bob’s hand-written note
Therefore, you need stronger evidence
Location
Publisher or Strongname
Hash
Trusting Documents
Local documents trusted by default
Network documents must be trusted before they can host code
Code must also be trusted!
Traditional evidence unsuitable
Documents not easily “signed”
Little control over content on shares
OfficeDocumentMembershipCondition used to trust documents on shares
Office provides evidence for documents
Policy Recommendations
Trust a Publisher or Strongname within a Zone or specific location
See Contoso example at end of deck
Do…
Err on the side of caution
Plan for future projects
Don’t…
Trust generic folders like C:\ or “My Documents”
Run as Administrator :-)
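An added example, not from the original deck: a simplified Python model (not the CLR's own policy code) of how nested code groups tie evidence to permissions, contrasting the recommended strong-name-within-location policy with the generic-folder grant the slide warns against. The key value, sample URLs other than http://MyServer/ and all helper names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

Evidence = Dict[str, str]  # claims about an assembly: url, strong_name

@dataclass
class CodeGroup:
    name: str
    condition: Callable[[Evidence], bool]  # membership condition (the "C")
    grant: str                             # permission set name (the "P")
    children: List["CodeGroup"] = field(default_factory=list)

def resolve(group: CodeGroup, evidence: Evidence) -> Set[str]:
    """Union of permission sets from every matching group.
    A child is only consulted when its parent's condition already holds."""
    if not group.condition(evidence):
        return set()
    granted = {group.grant}
    for child in group.children:
        granted |= resolve(child, evidence)
    return granted

def can_run_in_office(policy: CodeGroup, evidence: Evidence) -> bool:
    # Office solutions need FullTrust; anything less means the code does not load.
    return "FullTrust" in resolve(policy, evidence)

def url_under(prefix: str) -> Callable[[Evidence], bool]:
    return lambda e: e.get("url", "").lower().startswith(prefix.lower())

def signed_with(key: str) -> Callable[[Evidence], bool]:
    return lambda e: e.get("strong_name") == key

CONTOSO_KEY = "PLACEHOLDER-CONTOSO-PUBLIC-KEY"  # constructed value

# Recommended: strong name trusted only inside a specific location.
RECOMMENDED = CodeGroup("All_Code", lambda e: True, "Nothing", [
    CodeGroup("MyServer", url_under("http://MyServer/"), "Nothing", [
        CodeGroup("Contoso", signed_with(CONTOSO_KEY), "FullTrust")])])

# Anti-pattern from the "Don't" list: a generic folder gets FullTrust.
TOO_BROAD = CodeGroup("All_Code", lambda e: True, "Nothing", [
    CodeGroup("C_Drive", url_under("C:\\"), "FullTrust")])

SAMPLES = {  # constructed evidence
    "signed_on_server": {"url": "http://MyServer/apps/expense.dll", "strong_name": CONTOSO_KEY},
    "unsigned_on_server": {"url": "http://MyServer/apps/other.dll"},
    "signed_elsewhere": {"url": "http://elsewhere.example/expense.dll", "strong_name": CONTOSO_KEY},
    "dropped_in_temp": {"url": "C:\\Temp\\unknown.dll"},
}
```

Under RECOMMENDED only the signed assembly at the named location reaches FullTrust; under TOO_BROAD any file that lands anywhere on the drive does.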
Setting up Policy
demo
Deployment Models
Document and assembly on client
Non-admin installs
Complete offline support
Hard to maintain / upgrade
Document and assembly on server
Easy maintenance
Admin-only installs
No offline ability
Mixed model (recommended)
Document on client, assembly on server
Good compromise between the two
Offline Support
Office supports basic off-line scenarios
Assembly is managed by the IE cache
Users must connect to the network at least once to cache assembly
Only HTTP locations are supported
UNC shares are not cached
User code must deal with offline state
For example, no access to web services
Deploying Solutions
Developers can set “Assembly Link Location” in Visual Studio
Typically, code will be passed to an Administrator for signing / publishing
Administrators use Persistence Control to update references
Sample script in documentation
Documents can be e-mailed or published independently of code
Deploying Policy
Client machines must be updated before any Office solutions can run
Ref: “Office Security Policy” :-)
Several options for deployment:
Manual changes by end users
Logon scripts / setup programs
Group Policy / SMS
If you follow the guidelines, policy should only need updating infrequently
Deploying Solutions
demo
Summary
Office is secure by default
Planning your policy is key
Initial deployment may be tricky
The payoff is in ongoing maintenance
VBA is still there if you need it
Don’t run as Admin :-)
Q & A
Community Resources
MSDN Office Developer Centre:
http://msdn.microsoft.com/office/
Newsgroups:
For VS Tools-specific issues, use microsoft.public.vsnet.vstools.office
For Excel-specific issues, use microsoft.public.excel.programming
For Word-specific issues, use microsoft.public.word.vba.general
For .NET security-specific issues, use microsoft.public.dotnet.security
Community Resources
http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)
http://www.mvp.support.microsoft.com/
Newsgroups
Converse online with Microsoft Newsgroups, including Worldwide
http://www.microsoft.com/communities/newsgroups/default.mspx
User Groups
Meet and learn with your peers
http://www.microsoft.com/communities/usergroups/default.mspx
evaluations
© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.