none
VSTO Addin Deployment (signature and certificates) RRS feed

  • Question

  • Hello,

    I have developed and Addin for Outlook 2007/2010 and now it's time for deployment (not in an intranet/enterprise environment).

    I am a bit confused regarding the trusting issue.

    Right now my Addin is signed with the temporary certificate generated but Visual Studio the first time I run it. So the certificate is associated with the machine I am using for developing it (if I open the MyAddin.dll.manifest file I find my domain name under the publisherIdentity name tag). Of course this is good in development phase but not in deployment, so the solution would be to purchase an official certificate from a certification authority and re-sign the Addin.

    But is it mandatory? For what I have read, if i use Windows Installer, create an MSI to deploy the Addin, install it with administrator privileges and the Addin is installed under Program Files folder, the Visual Studio 2010 Tools for Office Runtime considers these Office solutions to be trusted. Is it right? So have i to sign my Addin or not?

    Thanks

    Thursday, June 20, 2013 9:47 AM

Answers

  • I believe it depends if an admin has made changes to the ClickOnce trust prompt behavior.  Otherwise I think the choice is up to the user whether to trust the addin.  I've never had to do this garbage (which is why I prefer Add-in Express), but the answer is here:

    Granting Trust to Office Solutions
    http://msdn.microsoft.com/en-us/library/bb772086(v=vs.100).aspx


    Eric Legault <a href="https://mvp.support.microsoft.com/default.aspx/profile/legault"> MVP (Outlook)</a><br/> <a href="http://about.me/ericmlegault">About me...</a><br/> <a href="http://www.outlookappins.com/products/social-contacts">Outlook Appins</a>: Store Social Media fields in your Outlook Contacts!

    Thursday, June 20, 2013 3:28 PM
    Moderator