Signed-Strong name add-ins

Add-in Express™ Support Service
That's what is more important than anything else

Signed-Strong name add-ins
Why? 
J Phil




Posts: 20
Joined: 2008-09-25
Could you explain the side effects of not signing the add-ins ?

The company I'm working for is only using Add-In Express for in-house development. Would it be ok not to sign any of the assemblies ?

Is the only side effect that the user will see a message everytime he opens Excel telling him about unsecure add-ins ?

Thanks
Posted 07 Oct, 2008 10:14:25 Top
Eugene Astafiev


Guest


Hello,

Is the only side effect that the user will see a message everytime he opens Excel telling him about unsecure add-ins ?


It depends on the security policy settings in an Office application. The add-in may not load at all.

Please note that you can sign the loader with a digital signature and, in this way, create trusted COM extensions for Office.
Posted 07 Oct, 2008 10:31:25 Top
J Phil




Posts: 20
Joined: 2008-09-25
Could you elaborate, I really need to understand how this affects the release of a component.

We have a really big framework that relies on a lot of assemblies, and we wont be able to sign them, so I need to understand if we can use your product in our environment...

PS : we only use Add-In Express for in-house development

Some additional questions I have:
-Since we are still using COM, does this mean that you need administrator priviledges to install an Add-In Express component?
-If so, who does this affect ClickOnce deployment?
-If the add-in is not signed, is there somewhere I can control whether or not the add-in is secure, through Office settings or .net security policy settings?
-Is there something different to this relating to XLL projects, since they are loaded differently in Excel ?
-Is there any difference to all of this depending of the office version (we use 2007)?

The more information you can give me the better it is.

Thank you.
Posted 08 Oct, 2008 12:18:07 Top
Eugene Astafiev


Guest


Hello,

I always recommend you to sign the adxloader.dll with a digital signature. Thus you will be sure that your add-in is not disabled (or wasn't dropped in the list of inactive add-ins in Office 2007). But if you are going to use the add-in in-house that is not the case.

Please read the following http://msdn.microsoft.com/en-us/library/bb386106.aspx for better understanding the deployment facilities.
Posted 08 Oct, 2008 16:25:17 Top