dev290 building office solutions with visual studio eric carter lead developer developer platform...
Post on 28-Dec-2015
221 Views
Preview:
TRANSCRIPT
DEV290
Building Office Solutions with Visual Studio
Eric CarterLead DeveloperDeveloper Platform & EvangelismMicrosoft Corporation
Our Challenges
Today’s IT situationDeployment and maintenance issues favor Web applications
Security concerns limit the use of Office solutions Today’s developer situation
Web UI is “limiting”It’s hard to develop a rich Web UI
Inconsistent user experience is common
No offline support
Developers typically use VBA to customize Office
applications and now want to use Visual Studio
Our Goals
Incorporate the richness of client Office apps with the benefits and advantages of Visual Studio
Make smart client application development on the Office System:
Secure
More reliable
Easier to deploy, maintain and upgrade
Faster to develop
Make Office a first class development scenario in Visual Studio
Make Visual Studio a first class tool for building Office solutions
Visual Studio Tools for Office
Extends .NET development to Office 2003
Developers using Visual Studio 2003 can write code to run behind Word and Excel documents
Write code in VB .NET or C#
In beta now
msdn.microsoft.com/vstudio/office MSDN Developer and Subscriber Downloads
RTM in mid-2003
Writing Code Writing Code Behind Excel Behind Excel Part 1Part 1
demodemo
Developer Productivity
Developer uses the Visual Studio IDE
Choice of languages – VB .NET or C#
Robust code model based on .NET Framework
Powerful access to data and XMLVia ADO.NET and system XML classes
Support for the latest XML Web service specifications
WS-Security, WS-Routing, WS-Attachments
Existing Office development knowledge carries forward
Office Integration
CLR loader is part of Word and ExcelIt installs with Office Pro and above
Doc properties point to the assemblySame directory, SharePoint site, UNC, etc.
Assembly calls into Office via COM InteropUses PIAs (Primary Interop Assemblies) delivered with Office
Requires FullTrust, but 3rd party code can be restricted
Review: How Does It Work?
Developer writes codeCreates assembly
Sets document properties
Deploys assembly to centralized location
Designer formats document for end users
End user opens documentOffice uses document properties to locate and download assembly
CLR verifies assembly is OK to run
CLR runs code
Deployment
Developer can store solutions on a trusted corporate network
Code is downloaded locally when a user opens a Word or Excel document
Users get updates to code automatically with no action required on their part
Users must have CLR on their machineNote: Don’t rely on Office shipping CLR
Writing Code Writing Code Behind ExcelBehind ExcelPart 2Part 2
demodemo
Managed Code Loading Process
User opensdocument
CustomProps?
Trusteddoc?
Trustedcode?
New / Openevent fires
No
DocOnly
No
DocOnly
DocOnly
Downloadassembly
No
UnloadAppDomain
Fail
Hook upevents
Yes
Fail
Yes
CreateAppDomain Fail
Load CLRYes
Fail
Assembly Security
Office “High, Medium, Low” macro dialog box and “managed add-in proxy shims” don’t apply to these assemblies
Local machine’s .NET Framework 1.1 security policy governs the assemblies
You can set security two ways.NET Framework Configuration (UI version)
caspol.exe (command-line version)
.NET Framework Configuration
Trusted Code
Default CLR policy trusts all code on local machine
Not a good idea for Office documents!
Office loader removes all Zone permissionsMy Computer: FullTrust Nothing
Also removes “All Code” permissions
Must explicitly trust assembliesLocation is easy, but relatively weak
We recommend using publisher or strong name
Visual Studio trusts code in developmentAutomatically trusts assembly location
Trusted Documents
Helps prevent malicious re-use of trusted code
By default Documents on the local machine are trusted
Documents on the network are not trusted
E-mail attachments are not trusted
Assign trust through .NET policyUse URLs to trust locations
Use MSOSEC (Microsoft Office Security) to trust documents
This provides a form of document-based evidence that the CLR will understand
Dealing with Malicious Code
What happens when someone changes the custom doc properties to point to potentially malicious files?
By default, no code runs
A user must consciously decide to trust code
What happens when someone tries to swap a trusted assembly with a potentially malicious assembly?
A hacker needs the appropriate permissions to replace the assembly at the given location
What can you do to prevent these types of situations?Only trust assemblies you know come from safe sources
Consider using more robust security methods such as publisher, strong name, or digital signature
Security and Security and DeploymentDeployment
demodemo
Summary
Build Word 2003 and Excel 2003 solutions with Visual Studio 2003
Visual Studio provides improvements in productivity
.NET Framework provides improvements in deployment, maintenance and security
Existing investments move forward
Ask The ExpertsGet Your Questions Answered
I will be available in the ATE area after this session
Community ResourcesCommunity ResourcesMS Community Sites
http://www.gotdotnet.com http://msdn.microsoft.com/vcsharp
http://microsoft.com/communities/default.mspx
List of newsgroupsmicrosoft.public.vsnet.vstools.officemicrosoft.public.word.programmingmicrosoft.public.excel.programmingmicrosoft.public.office.developer.vbahttp://microsoft.com/communities/newsgroups/default.mspx
Attend a free chat or webcasthttp://microsoft.com/communities/chats/default.mspxhttp://microsoft.com/usa/webcasts/default.asp
Locate a local user groupshttp://microsoft.com/communities/usergroups/default.mspx
Community siteshttp://microsoft.com/communities/related/default.mspx
Suggested Reading And Resources
The tools you need to put technology to work!The tools you need to put technology to work!
TITLETITLE AvailableAvailable
TodayTodayMicrosoftMicrosoft®® Windows Windows®® Server 2003 Server 2003 TCP/IP Protocols and Services TCP/IP Protocols and Services Technical Reference KitTechnical Reference Kit
Active DirectoryActive Directory®® for for MicrosoftMicrosoft®® Windows Windows®® Server 2003 Server 2003 Technical ReferenceTechnical Reference
TodayToday
Microsoft Press books are 20% off at the TechEd Bookstore
Also buy any TWO Microsoft Press books and get a FREE T-Shirt
Community Resources
Community Resourceshttp://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)http://www.mvp.support.microsoft.com/
NewsgroupsConverse online with Microsoft Newsgroups, including Worldwidehttp://www.microsoft.com/communities/newsgroups/default.mspx
User GroupsMeet and learn with your peershttp://www.microsoft.com/communities/usergroups/default.mspx
evaluationsevaluations
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
top related