Grant permissions to folders and assembly

Http://technet.microsoft.com/zh-cn/office/zdc263t0.aspx

How to: grant permissions to folders andProgramSet (2003 System)
Note:
Applicable
 
The information in this topic applies only to the specified Visual Studio Tools for office project and Microsoft Office version.

For more information, see the functions provided by application and project type.
Project Type

Document-level project

Application-level projects

Microsoft Office version

Microsoft Office 2003
 

The following procedure grants full trust to the Assembly or folder in the Visual Studio Tools for office solution. Generally, you must grant permissions to a specific assembly. If you have multiple assemblies and are sure that the location is secure, you can grant full trust to the folder where the Assembly is located. If you grant trusted permissions to a folder, all the assemblies in the folder and Its subfolders are also trusted.

In office solutions, there are three ways to grant permissions to folders and assembly:

Use the "Trust assemblies location" attribute in Visual Studio. (Available only during development .)

The "Trust assemblies location" attribute only works during development. This attribute does not affect end users. For this reason, you cannot use this method for deployment. For more information, see attributes in the Visual Studio Tools for office project.

Use the Microsoft. NET Framework 2.0 Configuration tool.

This tool provides a graphical user interface for using security policies. This tool is not attached to Visual Studio 2008. You can download the. NET Framework 2.0 SDK that contains the tool from the Microsoft download center. For examples, see. NET Framework 2.0 software development kit (SDK) (x86) (Microsoft. NET Framework 2.0 software development kit (SDK) (x86 )).

Use"CodeAccess Security policy tool (caspol.exe ).

This tool is used to use the security policy command line interface.

Note:
The above are the basic steps for setting your own security policies for the purpose of developing and testing the assembly. If you are not sure that the assembly or directory is secure, do not use these steps to grant trust to it. For more information about setting security policies, see deploying security policies and using the. NET Framework Configuration tool (mscorcfg. MSC) to configure code groups.
 

Use the trust assemblies location attribute
By default, a project is fully trusted by location. If the "trusted assembly location" has been changed, you can apply the default settings again.

Grant full trust to the project assembly on the development computer
In Visual Studio, select the project node in Solution Explorer.

In the Properties window, select "Trust assemblies location ".

Set this attribute to true.

On the "generate" menu, click "generate SOLUTION ".

Use. NET Framework 2.0 Configuration Tool
To install this tool, download and install the. NET Framework 2.0 software development kit (SDK) from the Microsoft download center ).

The process to be executed depends on where the assembly or folder is located:

On the local computer.

On other computers (or mapped drives) in the network.

Grant full trust to the Assembly or folder on the Local Computer
Open Administrative Tools in Control Panel ".

Run "Microsoft. NET Framework 2.0 configuration ".

Note:
There may be multiple similar tools with names starting with "Microsoft. NET Framework. Make sure that the configuration tool used matches the version of your Runtime Library.
 

In the tree view on the left, expand ". net Framework 2.0 configuration "," my computer "," running database security policy "," user "," code group ", and" all_code ", and then expand" vstoprojects ".

Note:
If you have not compiled Visual Studio Tools for office projects, no vstoprojects folder exists. You can add a new code group to the "all_code" root node, or compile the Visual Studio Tools for office project to automatically create the vstoprojects folder.
 

On the right side is the description of the vstoprojects code group, and there is a "task" area at the bottom of the page.

In the task area, click Add subcode group ".

The create code group Wizard starts.

Select "create new code group" and type the name and description that helps you identify the project. Click "Next ".

Click URL in the "select condition type for this code group" list ".

In the URL box, type the complete path of the assembly, or enter the path of the bin folder of the project and add an asterisk (for example, c: \ path \ excelapplication1.dll or C: \ path \ excelapplication1 \ bin \*).

Click "Next ".

Note:
If you type the path of the bin folder, you are granted full trust to all the assembly in the folder and all its subfolders on your computer. Make sure that unauthorized users cannot access a fully trusted folder. Otherwise, someone may put a malicious assembly in the folder and the Assembly will run with full trust.
 
Warning:
Do not grant permissions to the entire hard disk (such as c: \ *) or regular folders (such as "My Documents, because you may grant permissions to cache Assembly from the Internet or email. Only grant permissions to specific project folders that contain the Assembly you are sure to run securely.
 

Select "use existing permission set" and select "fulltrust" from the list ".

Click "Next ".

Click Finish ".

Grant full trust to an assembly or folder on a network computer or mapped drive
Open Administrative Tools in Control Panel ".

Run "Microsoft. NET Framework 2.0 configuration ".

Note:
There may be multiple similar tools with names starting with "Microsoft. NET Framework. Make sure that the configuration tool used matches the version of your Runtime Library.
 

In the tree view on the left, expand ". net Framework 2.0 configuration "," my computer "," running database security policy "," computer "," code group ", and then expand" all_code ".

Note:
Only Administrators can grant full trust to the Assembly or folder on the network computer, and the trust must be granted at the computer level rather than the user level.
 

Under "all_code", right-click "localintranet_zone", and then click "new ".

This step assumes that the server used is in the Local intranet region. If it has been added to the "trusted site" area of Internet Resource Manager, right-click trusted_zone. If the Assembly is on the ing drive, "localintranet_zone" must be used ".

Enter a name and description that helps you identify a project. Click "Next ".

Click URL in the "select condition type for this code group" list ".

In the URL box, type the complete path of the assembly, or enter the path of the bin folder of the project and add an asterisk (for example, \ Server Name \ Folder name \ excelapplication1.dll or http: // server name/folder name/excelapplication1/bin /*).

Click "Next ".

Note:
If you type the path of the bin folder, you are granted full trust to all the assembly in the folder and all its subfolders on your computer. If you are not sure whether these folders are secure, loose permissions may pose security risks.
 

Select "use existing permission set" and select "fulltrust" from the list ".

Click "Next ".

Click Finish ".

Use the code access security policy tool (caspol.exe)
You can also use the code access security policy tool (caspol.exe) to grant full trust to the folder from the command prompt. For more information about caspol.exe, see the code access security policy tool (caspol.exe ).

You can use common user permissions at the user level to grant trust to folders on the local computer. To grant trust to a network location, you must have administrator privileges and change security policies at the computer level. The "computer" policy level works independently of the "user" policy level, and the "computer" policy level does not fully trust the Intranet region, even if the "user" policy is fully trusted. These policy levels must be consistent.

Tip:
Manually enter the command. Copying and pasting commands to a command prompt may result in an "unknown option" error.
 

Grant full trust to local folders
At the Visual Studio command prompt, type the following command.

Copy code
Caspol-u-Ag all_code-URL
C: \ <Foldername >\< Foldername> \ * fulltrust-n "<Name>"-d
"<Description>" grant full trust to the network folder
At the Visual Studio command prompt, type the following command.

Copy code
Caspol-m-Ag localintranet_zone-URL
\\< Servername >\< Foldername> \ * fulltrust-n "<Name>"-d
"<Description>" For more information, see How to: Use caspol.exe to add a code group.

Note:
after the policy is deployed, all the office applications in the solution that are affected by the policy change must be exited and restarted, in this way, the changes made to this policy will take effect. If Microsoft Office Word is part of the solution, you must also exit and restart Microsoft Office outlook. In addition, if you open a document or workbook in Internet Explorer, the process may still be running. Check Windows task manager to make sure there are no instances of the Office application. Other applications that host Office applications also prevent new permissions from being implemented. When the security policy changes, the user should exit all applications that use the office (whether hosted or independent