Excel加载项安装和设置.Net安全/信任

担，

根据我的经验，我发现使用CASPOL.exe是设置安全策略的最简单方法。

例如，您可以使用此命令授予对文件夹中所有DLL的完全信任：caspol -u -ag All_Code -url C：\ FolderName \ FolderName * FullTrust -n“Name”-d“Description”

看看这个MSDN文章： http : //msdn.microsoft.com/en-us/library/zdc263t0.aspx

或专门在CASPOL上的这个： http : //msdn.microsoft.com/en-us/library/cb6t8dtz.aspx

或者你可以滚动自己的C＃项目来做到这一点，使用此代码作为基础： http : //www.koders.com/csharp/fidDC5A2D42FE98AD20FFC65C44​​35785CDFE3CB5B10.aspx

那是我们做的。

同样根据注释：从您的msi构build中排除PIA和VSTO运行时（转到msi项目中的引用，右键单击它们并select“排除”），然后单独安装。 只需谷歌的“Excel 2003 PIA下载”和“VSTO运行时下载”来获取安装程序。 让所有的客户在你的应用程序之前安装这些程序。

这样你只需要担心你的插件的安全性。

如果您有自定义程序集，则只需要setsecurity。 你是对的示例代码不起作用，但它需要一个小的改变。 让我知道如果CaspolSecurityPolicyCreator此代码更改将修复它。 （或其他需要比较我的原件，并找出有什么区别）内部静态无效AddSecurityPolicy（BOOL machinePolicyLevel，stringsolutionCodeGroupName，stringsolutionCodeGroupDescription，stringassemblyPath，stringassemblyCodeGroupName，stringassemblyCodeGroupDescription）{stringframeworkFolder = GetFrameworkFolder（）;

string solutionInstallationLocation = Path.GetDirectoryName(assemblyPath); string solutionInstallationUrl = Path.Combine(solutionInstallationLocation, "*"); string policyLevel; string parentCodeGroup; if (machinePolicyLevel) { policyLevel = "-m"; // Use Machine-level policy. parentCodeGroup = "My_Computer_Zone"; // Use My_Computer_Zone for assemblies installed on the computer. } else { policyLevel = "-u"; // Use User-level policy. parentCodeGroup = "All_Code"; } // Add the solution code group. Grant no permission at this level. string arguments = policyLevel + " -q -ag " + parentCodeGroup + " -url \"" + solutionInstallationUrl + "\" Nothing -n \"" + solutionCodeGroupName + "\" -d \"" + solutionCodeGroupDescription + "\""; try { RunCaspolCommand(frameworkFolder, arguments); } catch (Exception ex) { string error = String.Format("Cannot create the security code group '{0}'.", solutionCodeGroupName); throw new Exception(error, ex); } // Add the assembly code group. Grant FullTrust permissions to the main assembly. try { // Use the assembly strong name as the membership condition. // Ensure that the assembly is strong-named to give it full trust. //AssemblyName assemblyName = Assembly.LoadFile(assemblyPath).GetName(); //arguments = policyLevel + " -q -ag \"" + solutionCodeGroupName + "\" -strong -file \"" + assemblyPath + "\" \"" + assemblyName.Name + "\" \"" + assemblyName.Version.ToString(4) + "\" FullTrust -n \"" + assemblyCodeGroupName + "\" -d \"" + assemblyCodeGroupDescription + "\""; //RunCaspolCommand(frameworkFolder, arguments); //TODO- MS Hardcoded for now (better at assembly dll level use todo 1) arguments = policyLevel + " -q -ag \"" + solutionCodeGroupName + "\" -url \"" + solutionInstallationUrl + "\" FullTrust -n \"" + assemblyCodeGroupName + "\" -d \"" + assemblyCodeGroupDescription + "\""; RunCaspolCommand(frameworkFolder, arguments); //TODO: 1 code below will create a separate group per assembly path, also need to check if AcnUI assembly is installed in GAC. //AddFullTrust(frameworkFolder, assemblyPath, policyLevel, solutionCodeGroupName, assemblyCodeGroupName, assemblyCodeGroupDescription); } catch (Exception ex) { try { // Clean the solutionCodeGroupName. RemoveSecurityPolicy(machinePolicyLevel, solutionCodeGroupName); } catch {} string error = String.Format("Cannot create the security code group '{0}'.", assemblyCodeGroupName); throw new Exception(error, ex); } } internal static void RemoveSecurityPolicy( bool machinePolicyLevel, string solutionCodeGroupName) { string frameworkFolder = GetFrameworkFolder(); string policyLevel; if (machinePolicyLevel) policyLevel = "-m"; // Use Machine-level policy. else policyLevel = "-u"; // Use User-level policy. string arguments = policyLevel + " -q -rg \"" + solutionCodeGroupName + "\""; RunCaspolCommand(frameworkFolder, arguments); } private static string GetFrameworkFolder() { // Get the targeted Framework folder. Version version = new Version(2, 0, 50727); return GetRuntimeInstallationDirectory(version, true); }