Trying to avoid security prompt on form with digital certificate

Question

I have a simple form that pulls data through the "GetUserUserProfileByName" Sharepoint web service to populate a number of fields.  The form works perfectly, except when I publish it to my forms library and then open it, the security notice "Microsoft Office has identified a potential security concern"  and "This file may not be safe if it contains code that was intended to harm your computer.  Do you want to open this file?"

I've requested a code signing cert from our corporate certificate authority.  I've installed that on my machine, signed the form, chosen "Full Trust".  Users still get a security prompt upon opening the form.  This is the case even though the certificate is issued by a CA that is trusted on every computer in the company. 

Is this expected?  Shouldn't using a certificate from the corporate CA remove the need for users to have to "trust" the form? 

Thanks for any help!

Answer 1

It shouldn't need a cert or Full Trust at all - you definitely don't want to change it to Full Trust.  That is not a good practice.

I can't remember ever getting such a prompt on a live, published form with that web service (I use it in every form).  Is your connection to the UserProfileService crossing security boundaries - like crossing site collections or web applications?

---

SharePoint Architect || My Blog

Answer 2

I had it going to a different site collection in a different web application.  I was hoping to keep the template easily reusable by using a site collection that is open to everyone, thereby not having to modify the data connection of the form template each time.  It seems like signing it and having full trust would make that possible...

After changing the web service to the one in the same site collection, and changing the trust to "Domain" everything worked.  Thank you for your help!