How to Determine if an Addin is Trusted

M

Mark Wilson

I have a COM Shim for an Outlook Addin that is intended to be registered as
trusted code in the "Outlook Security Settings" public folder on an Exchange
Server.

Is there any way for my Addin to be able to determine if it has actually
been registered as "Trusted Code" by the Administrator?

I need to be able to change at runtime how the Addin operates based upon
whether it is recognized as a trusted Addin, or not.
 
P

Peter Huang [MSFT]

Hi,

Based on my research, Outlook OM did not expose such interface for us to
check if an addin is trusted.
Also based on my experience, for a managed addin, we need to consider both
the .NET CAS and outlook Security check.
For the .NET CAS, if there are security exception, we can try catch it. But
it seems that is not the case.
But for for outlook client side security, if the security is not met, the
addin will never be loaded, so our code have no time to run to check.

For Exchange side security, I think it would better post in the exchange
dev newsgroup.
Exchange2000.development queue.

However, this queue is not a MSDN managed queue yet. That means you won't
be guranteed to get a reply in 2 business days there. So if the issue is
urgent for you, I think the best way is to use one of your MSDN subscriber
free support incident to contact our customer support service. There will
be one Exchange dev support engineer working specially with you on it.
Please visit the following page for how to submit it:
http://msdn.microsoft.com/subscriptions/support/default.aspx

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
M

Mark Wilson

Thanks Peter.

Just as a bit of clarification the code is developed in C/C++. It is not
..NET so it is not managed code. The addin always loads and its access to the
OOM is derived from the Application object. However if the DLL is not
registered on the Exchange server, access to the message body trigers the OM
Guard. If it is trusted, then the guard does not pop up.

I'd like to know in advance if the DLL was not trusted and skip certain
portions of my code that would cause the warning to appear. i.e operatie
with limited functionality if the DLL was not trusted.

I'll follow up with the Exchange people.

Mark.
 
P

Peter Huang [MSFT]

Hi Mark,

Thanks for your update!
I understand that your scenario seems to be an Exchange site addin.
I think you may try to post in the exchange newsgroup!
Thanks for your understanding!


Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Server Root as Trusted Location 1
how to detect if an addin is running 1
How to prevent non admin user from disableing the Outlook 2007Addi 13
Trusted Publisher Store vs. NET Runtime Security 5
ComShims for Outlook Addin, questions 1
Outlook COM Addin deployment on Windows 2003 server 5
Determine if doc has attached code 1
Getting further on the shim, failing to find the .net AddIn 0

Top