locked
how to turn off outlook security warning dialog box using C# RRS feed

  • Question

  • Hi,

    How can one get rid off the Security Warning dialog box which pops up when you try to access a property of ContactItem in Outlook 2003?

    I'm using Visual Studio Team Suite Beta 2, Microsoft Outlook 11.0 Object Library, Outlook 2003. I've written a webform to get the list of contacts and display it in a listbox. But everytime the webform loads, an outlook security dialog box pops up. I'm not sure if this is the right forum but I couldn't find another one specifically for Outlook 2003 programming.

    Here's the code.

    protected void Page_Load(object sender, EventArgs e)

    {

    Outlook.Application app = new Outlook.Application();

    Outlook.NameSpace ns = app.GetNamespace("MAPI");

    Outlook.MAPIFolder contactlist = ns.GetDefaultFolder(Outlook.OlDefaultFolders.olFolderContacts);

    Outlook.Items oItems = contactlist.Items;

    Outlook.ContactItem oCt = (Outlook.ContactItem)oItems.GetFirst();

    while (oCt != null)

    {

    ContactsListBox.Items.Add(oCt.Email1Address);

    oCt = (Outlook.ContactItem)oItems.GetNext();

    }

    }

    // Gets the selected contacts from the listbox and displays it in a textbox
    protected
    void AddToButton_Click(object sender, EventArgs e)

    {

    StringBuilder sb = new StringBuilder();

    foreach (ListItem li in ContactsListBox.Items)

    {

    if (li.Selected)

    {

    sb.Append(li.Text);

    sb.Append(",");

    }

    }

    ToTextBox.Text = sb.ToString();

    }



    Thanks in advance,
    shiversticks
    Tuesday, November 22, 2005 7:40 PM

Answers

  • Here is some more information to elaborate on John's reply regarding how Outlook add-ins can avoid the security warning dialog.

    Outlook add-ins can avoid displaying the security warning dialog box by obtaining references to Outlook objects from the trusted Application object. If you create a new Application object in your code, this object and any other Outlook objects you obtain from it are not trusted, and will display the security warning dialog box.

    How you obtain the trusted Application object depends on the type of Outlook add-in you are creating. If you are creating a COM Outlook add-in that implements the IDTExtensibility2 interface, then you should use the Application object that your add-in receives from the OnConnection method. For more information, see the topic "What's New in Microsoft Office Outlook 2003 for Developers?" at http://www.msdn.microsoft.com/office/default.aspx?pull=/library/en-us/odc_ol2003_ta/html/odc_olwhatsnew2k3.asp, specifically under the heading "Revised and Improved Security Model".

    If you are creating an Outlook add-in using Visual Studio 2005 Tools for Applications, then you should use the ThisApplication object provided by the project template. For more information, see "Specific Security Considerations for Office Solutions" at http://msdn2.microsoft.com/library/1thd35d7(en-US,VS.80).aspx, specifically under the heading "Minimizing Object Model Guard Warnings".

    I hope this helps,
    McLean Schofield
    Tuesday, November 22, 2005 10:38 PM
    Answerer

All replies

  • Looking at your code, I noticed that you gained a new reference to the Outlook Application object. Your code is correct, but you should know that I know of no supported way to avoid the security dialog box given the Web-context of your application.

    However, there are supported ways to avoid the security dialog in other types of applications. For example, if you use Visual Studio 2005 Tools for the Microsoft Office System to create an add-in, objects used that were acquired from the Outlook.Application object our tools instantiate for you will not cause the security prompt to appear.

    The basic principle is that too many users have been impacted because of viruses and other intrusions. The security dialog is there to preserve the integrity of Outlook security. Yes, it can be annoying. But, it is less annoying than losing one's inbox or the inboxes of an entire company.

    HTH,

    John.
    Tuesday, November 22, 2005 10:30 PM
  • Here is some more information to elaborate on John's reply regarding how Outlook add-ins can avoid the security warning dialog.

    Outlook add-ins can avoid displaying the security warning dialog box by obtaining references to Outlook objects from the trusted Application object. If you create a new Application object in your code, this object and any other Outlook objects you obtain from it are not trusted, and will display the security warning dialog box.

    How you obtain the trusted Application object depends on the type of Outlook add-in you are creating. If you are creating a COM Outlook add-in that implements the IDTExtensibility2 interface, then you should use the Application object that your add-in receives from the OnConnection method. For more information, see the topic "What's New in Microsoft Office Outlook 2003 for Developers?" at http://www.msdn.microsoft.com/office/default.aspx?pull=/library/en-us/odc_ol2003_ta/html/odc_olwhatsnew2k3.asp, specifically under the heading "Revised and Improved Security Model".

    If you are creating an Outlook add-in using Visual Studio 2005 Tools for Applications, then you should use the ThisApplication object provided by the project template. For more information, see "Specific Security Considerations for Office Solutions" at http://msdn2.microsoft.com/library/1thd35d7(en-US,VS.80).aspx, specifically under the heading "Minimizing Object Model Guard Warnings".

    I hope this helps,
    McLean Schofield
    Tuesday, November 22, 2005 10:38 PM
    Answerer
  • Although others will probably decry its use, but one option is to use a product called Outlook Redemption, a COM library that provides indirect access to the entire Outlook object model without the security warning.

    Just be sure you understand the security implications. Namely, once Redemption is available on a system, any code can then use it to access the Outlook object model bypassing the warning.

    You can find Redeption here: http://www.dimastr.com/redemption/

    Friday, December 9, 2005 9:29 PM
  • Hi all,

    Thanks for your responses. I'm trying to change my strategy accordingly. I have a couple of related questions.

    1. What are the methods that we can use to get a list of email addresses from a group email in outlook? For example, if the user has an emailgroup in his address book called "friendslist" and has 5 email addresses inside it, how can we extract those 5 addresses by just selecting the group address? How do we select the group address?

    2. This is with respect to the security model again. If we try to access the email group "friendslist", would the security warning pop up 5 times or (will it pop up just once but will allow us to get all the 5 addresses)?

    I hope I'm clear in my questions. Rough day here :(

    Thanks in advance,
    shiversticks
    Monday, December 12, 2005 10:20 PM
  • Did you able to find a solution for eliminate warning dialog box ? Please let me know if you have find some alternate to this problem

    thanks in advance,
    Rajesh
    Wednesday, December 14, 2005 7:31 AM
  • Hi Rajesh,

    I wasn't able to get around the security warning dialog box. According to the previous posts, I believe if you have Visual Studio Tools for Office (VSTO) 2005, it has a project called Outlook add-in under Office projects. When you create an outlook add-in using that, it will not give the security dialog. Right now, I'm modifying my solution to let my users create different address lists by presenting them a webform to do so. Then I'm saving the addresses in Sql Server and letting the users access addresses through it. It would have been great if I could have gotten around the dialog box instead of doing it this way. I wish I could get my hands on VSTO 2005. Hope this helps.

    -shiversticks

     

    Friday, December 16, 2005 3:48 PM
  • 1) The DistListItem object has a GetMember method that you can use to iterate all the items in the DL, returning each as a Recipient object.

    2) That depends on how the user responds to the first such prompt. For protected address properties and methods, the user can suppress additional prompts for up to 10 minutes.

    Monday, January 30, 2006 6:27 PM
  • Office's security model is a barberic knee-jerk solution to the problem.  You guys need to release a patch for all versions of Outlook and the rest that works the way that Quickbooks does with it's SDK.

    If an application that is not recognized requests information or tries to add information to the system or use the SDK at all even, then Quickbooks pops up a dialog asking if you want access. Fine and dandy, it should. But there is also a checkbox to tell Quickbooks to remember that specific application and not ask again.

    This simple addition to the stupid security dialog makes interacting with Outlook useful again and maintains security restrictions intelligently. All that would be missing is a manager that allows you to remove things from the list of memorized applications if you wanted built in with a GUI to shows you those that you have allowed.

    Simple, and effective. Right now the whole system is crippled and thus essentially useless without Redemption.
    Sunday, April 23, 2006 5:02 PM
  • Outlook 2007 will allow any external program on a secure system (WIndows XP or Windows Vista with up-to-date anti-virus protection) to make calls to Outlook objects without triggering security prompts.
    Saturday, July 8, 2006 3:15 PM
  • I'm using this scenario right now and IT STILL PROMPTS EVERY TIME.

    I hope they fix it the way I suggest. Cause it's a PITA right now and just a stupid solution to a problem. But then the security stuff in Vista proves that MS still doesn't get it regarding security anyhow, so I'm not hopeful.

    Thursday, August 31, 2006 6:29 PM
  • John, what specific "this scenario" are you referring to? A lot of different ones have been discussed in this thread.
    Tuesday, September 5, 2006 5:14 PM
  • Outlook 2007 will allow any external program on a secure system (WIndows XP or Windows Vista with up-to-date anti-virus protection) to make calls to Outlook objects without triggering security prompts.
    Wednesday, September 6, 2006 1:35 PM
  • John, have you checked the anti-virus application state in Tools | Trust Center | Programmatic Access?
    Thursday, September 14, 2006 10:20 PM
  • Hi...

    i was searching for the same subject... i'm using MS Outlook 2003 and i'm trying to write a console program to send e-mails using Outlook object but still get annoyed by security prompts.

     i tried to use the trusted code as the following lines for accessing Outlook as in Minimizing Object Model Guard Warnings

     

     

    Code Snippet
    private void TrustedCode(){
        Microsoft.Office.Interop.Outlook.MailItem mailItem1 =
            this.CreateItem(
            Microsoft.Office.Interop.Outlook.OlItemType.olMailItem) as
            Microsoft.Office.Interop.Outlook.MailItem;
        mailItem1.To = someone@example.com;
        MessageBox.Show(mailItem1.To);
    }

     

     

    thnx

    Saturday, April 28, 2007 5:40 PM
  • shark, the article you cited does not apply to console programs, which are always subject to "Outlook object model guard" security prompts and cannot receive the same kind of trust as an Outlook add-in. See http://www.outlookcode.com/d/sec.htm for your options. I'd recommend using Redemption or MAPI33.

     

    Please note that this is a forum for VSTO applications, including Outlook add-ins, not console applications. There is a newsgroup specifically for general Outlook programming issues "down the hall" at microsoft.public.outlook.program_vba or, via web interface, at http://www.microsoft.com/office/community/en-us/default.mspx?dg=microsoft.public.outlook.program_vba

    Sunday, April 29, 2007 1:10 PM
  • Over the past couple of years, I've read many times on many message boards the statement that "deriving all Outlook objects from the trusted Outlook.Application object passed to you" will allow you to avoid security prompts, but I have yet to find it to be true in all (or even most) cases. It seems that some specific properties (e.g., MailItem.Body, AppointmentItem.Body, ContactItem.Email1Address) will ALWAYS trigger a security prompt, no matter where you got the Application from and no matter how many different ways you use the Application object to obtain a reference to the item with which you'd like to work.  Maybe I'm missing something obvious (and I probably am, because anytime I see Sue post anything, it's typically right on), but whether I'm using VB6 or VB.NET to write an add-on, the security prompts continue to haunt my applications.

     

    My solution has been to accept this behavior as an unfortunate fact of life and use some combination of pop-up killing and Extended MAPI to get what I need... it's neither pretty nor clean nor entirely secure, but at least it works. Hopefully once I'm able to start working with Outlook 2007, this annoyance will be one for the history books.

     

     

    Tuesday, July 31, 2007 9:24 PM
  • shark312, is the TrustedCode procedure part of a VSTO add-in? That's how it becomes "trusted" - by deriving the Outlook objects from the Outlook.Application object that the add-in exposes as part of the architecture that integrates it with Outlook. Code in a console program is always untrusted, as far as the Outlook object model goes, but can call a public procedure in an add-in.

    Tuesday, July 31, 2007 9:28 PM
  • Well, use VSTO. All you need to do is this; Highlighted in green is the VSTO addin application for outlook. This is trusted.

     

    Outlook.Application ol = Globals.ThisAddIn.Application;

    Outlook.NameSpace ns = ol.GetNamespace("MAPI");

    Outlook.MailItem oMsg = ol.CreateItem(Outlook.OlItemType.olMailItem);

       

    oMsg.To = "someone@somewhere.com;

    oMsg.Subject = "TEST EMAIL";

    oMsg.Body = "TEST EMAIL MESSAGE";

    oMsg.BodyFormat = Outlook.OlBodyFormat.olFormatPlain;

    oMsg.Send();

     

    Failing this, Use the System.Net.Mail namespace and send an email using new mailmessage. (This however wont update the current session of outlook unless you forward it or something.

     

    Hope this helps anyone.

    • Proposed as answer by Ryukotsei0 Tuesday, April 12, 2011 3:12 PM
    Tuesday, March 11, 2008 12:16 PM
  • There is a free addon from MAPI-Labs here:

    http://www.mapilab.com/outlook/security/

    And it provides a wonderful, simple solution for this Outlook issue. Sadly, it's still not good enough for me.

    What I really wish is that microsoft either provided a patch to put something in similar to MAPI-Lab's solution being backwards compatible to Outlook 2003, or they endorsed MAPI-Lab's addon as the solution. And either way, for microsoft to have a patch to put a solution into place.

    Otherwise, I'm faced with having to make an addon to do exactly the same thing as MAPI-Lab's, so I can automatically install it for users, without any EULA issues.

    Thursday, May 28, 2009 2:25 PM
  • You can change programmaticcaly just by from the registery like that

                           [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Outlook\Security] 

    "ObjectModelGuard"=dword:00000002 

     

    * KeyPoint 1 - but it is trusting version you have to control outlook platform than set your reg.

    * KeyPoint 2 -  Also its default settings is depending your installed anti virus software

    * KeyPoint 3 - It coul be set from exchange server


    Hamit YILDIRIM
    Thursday, July 29, 2010 10:33 AM
  • You can change programmaticcaly just by from the registery like that

                           [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Outlook\Security] 

    "ObjectModelGuard"=dword:00000002 

    That registry value is, of course, for Outlook 2007, not Outlook 2003, which some of the contributors to this thread were using. 
    Thursday, July 29, 2010 2:57 PM
  • Hi Sue Mosher,

    I have released my product and even, i have sold it to a highly big company in the world. It is working perfectly after a strong testing process. 

    Here, i used this manner as like as my before post. That is working perfectly but i am using this default settings at the start up of the addin program. When user interacted with this addin i would not reset my default settings. Is there any manner to unpopuping. If i do not know and you know, pls share with us.

    I think microsoft is aware from this problem and they want to provide security effect with this lock. Did they find other solution or found.. Do you know??

     


    Hamit YILDIRIM
    Saturday, August 21, 2010 7:54 PM
  • Hamit, an add-in needs to be constructed so that it uses the Outlook.Application object exposed by the add-in architecture. This and other workarounds for Outlook object model guard security are discussed here:

    Outlook "Object Model Guard" Security Issues for Developers
    http://www.outlookcode.com/article.aspx?id=52

    • Proposed as answer by Hamit YILDIRIM Saturday, August 21, 2010 8:17 PM
    Saturday, August 21, 2010 8:05 PM
  • Oke Mosher. Evident: There is no other way for using without CDO.

    Set objMessage = CreateObject("CDO.Message") 
    objMessage.Subject = "Example CDO Message" 
    objMessage.From = "me@my.com" 
    objMessage.To = "test@paulsadowski.com"

    'The line below shows how to send using HTML included directly in your script
    objMessage.HTMLBody = "<h1>This is some sample message html.</h1>" 

    'The line below shows how to send a webpage from a remote site
    'objMessage.CreateMHTMLBody "http://www.paulsadowski.com/wsh/"

    'The line below shows how to send a webpage from a file on your machine
    'objMessage.CreateMHTMLBody "file://c|/temp/test.htm"

    objMessage.Bcc = "you@your.com"
    objMessage.Cc = "you2@your.com"
    objMessage.Send

    http://www.paulsadowski.com/WSH/cdo.htm

    I will try, thank you...


    Hamit YILDIRIM
    Saturday, August 21, 2010 8:16 PM
  • Hi again Mosher,

     

    I want to ask you that: i have got an error when i want to send this mail from my home. 

    This is my mail and it is annoying me like that::

    "The transport failed to connect to the server." how can i configurate this settings. i am always giving it to the SmtpServer and other settings they are oke that you can see.

     

    What is wrong?

     

     

    try

                            {

                                CDO.Message oMsg = new CDO.Message();

                                CDO.IConfiguration iConfg;

     

                                iConfg = oMsg.Configuration;

     

                                ADODB.Fields oFields;

                                oFields = iConfg.Fields;

     

                                // Set configuration.

                                ADODB.Field oField = oFields["http://schemas.microsoft.com/cdo/configuration/sendusing"];

     

                                //TODO: To send by using the smart host, uncomment the following lines:

                                oField.Value = CDO.CdoSendUsing.cdoSendUsingPort;

                                oField = oFields["http://schemas.microsoft.com/cdo/configuration/smtpserver"];

                                oField.Value = "secureserver.net";

     

                                // TODO: To send by using local SMTP service. 

                                //oField = oFields["http://schemas.microsoft.com/cdo/configuration/sendusing"];

                                //oField.Value = 1;  

     

                                oFields.Update();

     

                                // Set common properties from message.

     

                                //TODO: To send text body, uncomment the following line: 

                                //oMsg.TextBody = "Hello, how are you doing?";

     

     

                                //TODO: To send HTML body, uncomment the following lines:

                                String sHtml;

                                sHtml = "<HTML>\n" +

                                    "<HEAD>\n" +

                                    "<TITLE>Sample GIF</TITLE>\n" +

                                    "</HEAD>\n" +

                                    "<BODY><P>\n" +

                                    "<h1><Font Color=Green>Inline graphics</Font></h1>\n" +

                                    "</BODY>\n" +

                                    "</HTML>";

                                oMsg.HTMLBody = sHtml;

     

                                //TOTO: To send WEb page in an e-mail, uncomment the following lines and make changes in TODO section.

                                //TODO: Replace with your preferred Web page

                                //oMsg.CreateMHTMLBody("http://www.microsoft.com",

                                // CDO.CdoMHTMLFlags.cdoSuppressNone, 

                                // "", ""); 

                                oMsg.Subject = "Test SMTP"; 

     

                                //TODO: Change the To and From address to reflect your information.                       

                                oMsg.From = "someone@example.com";

                                oMsg.To = "someone@example.com";

                                //ADD attachment.

                                //TODO: Change the path to the file that you want to attach.

                                //oMsg.AddAttachment("C:\\Hello.txt", "", "");

                                //oMsg.AddAttachment("C:\\Test.doc", "", "");

                                oMsg.Send();

                            }

                            catch (System.Exception e)

                            {

                                Console.WriteLine("{0} Exception caught.", e);

                            }

     


    Hamit YILDIRIM
    Sunday, August 29, 2010 2:24 PM
  • I want to ask you that: i have got an error when i want to send this mail from my home. 

    This is my mail and it is annoying me like that::

    "The transport failed to connect to the server." how can i configurate this settings. i am always giving it to the SmtpServer and other settings they are oke that you can see.

     

    You should ask about this in a general C# forum, as it has nothing to do with either Outlook programming or VSTO. Also note that the managed code library System.Net.Mail would be preferred over CDO for Windows, which has to go through COM Interop. 

    • Proposed as answer by DrWeb86 Wednesday, March 2, 2011 9:37 AM
    Sunday, August 29, 2010 6:33 PM
  • Well, use VSTO. All you need to do is this; Highlighted in green is the VSTO addin application for outlook. This is trusted.

     

    Outlook.Application ol = Globals.ThisAddIn.Application;

    Outlook.NameSpace ns = ol.GetNamespace("MAPI");

    Outlook.MailItem oMsg = ol.CreateItem(Outlook.OlItemType.olMailItem);

       

    oMsg.To = "someone@somewhere.com;

    oMsg.Subject = "TEST EMAIL";

    oMsg.Body = "TEST EMAIL MESSAGE";

    oMsg.BodyFormat = Outlook.OlBodyFormat.olFormatPlain;

    oMsg.Send();

     

    Failing this, Use the System.Net.Mail namespace and send an email using new mailmessage. (This however wont update the current session of outlook unless you forward it or something.

     

    Hope this helps anyone.

    This solved my issue. Thanks
    Tuesday, April 12, 2011 3:12 PM
  • Well, use VSTO. All you need to do is this; Highlighted in green is the VSTO addin application for outlook. This is trusted.

     

    Outlook.Application ol = Globals.ThisAddIn.Application;

    Outlook.NameSpace ns = ol.GetNamespace("MAPI");

    Outlook.MailItem oMsg = ol.CreateItem(Outlook.OlItemType.olMailItem);

       

    oMsg.To = "someone@somewhere.com;

    oMsg.Subject = "TEST EMAIL";

    oMsg.Body = "TEST EMAIL MESSAGE";

    oMsg.BodyFormat = Outlook.OlBodyFormat.olFormatPlain;

    oMsg.Send();

     

    Failing this, Use the System.Net.Mail namespace and send an email using new mailmessage. (This however wont update the current session of outlook unless you forward it or something.

     

    Hope this helps anyone.

    This solved my issue.
    • Proposed as answer by zapss Monday, March 12, 2012 6:36 AM
    Tuesday, April 12, 2011 3:13 PM
  • Hi db7uk,

    Thanks, it worked for me.


    • Edited by PB5590 Tuesday, November 11, 2014 5:53 AM
    Tuesday, November 11, 2014 5:52 AM