You can use two methods to trust an Office solution created in Visual Studio and not show a trust prompt to the end-user.
- Sign your Office solution with certificate that chains to a trusted root authority and is in the Trusted Publisher list.
- Sign your Office solution with a certificate and trust that certificate by using the inclusion list.
(There is a third option to use the ClickOnce trust prompt and allow the end-user to choose whether to trust and install the Office solution.)
The second option has changed slightly in Visual Studio 2010 and the VSTO 2010 runtime. You can still use the inclusion list for Office 2007 and Office 2010 solutions, but you must target the .NET Framework 3.5 and reference the Microsoft.VisualStudio.Tools.Office.Runtime.v10.0 assembly.
For .NET Framework 4 developers, you can deploy your solutions by using Windows Installer (MSI) into the Program Files directory. Office solutions installed to the Program Files directory are now considered to be already trusted because installing to the Program Files directory requires administrator rights. As a result, the Microsoft Office application loads the Office solution without checking the inclusion list. In addition, eliminating the inclusion list check may reduce the loading time.
How does this affect me?
If you deploy an Office 2007 solution by using Windows Installer (MSI) on a computer with Office 2010 and the VSTO 2010 runtime, your installer may show the following error: Error 1001. Could not load file or assembly ‘Microsoft.VisualStudio.Tools.Office.Runtime.v9.0, Version=220.127.116.11, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’ or one of its dependencies. The system cannot find the file specified.
This error appears because the Microsoft.VisualStudio.Tools.Office.Runtime.v9.0.dll assembly is not in the VSTO 2010 runtime. To work around this issue, you can complete one of the following steps:
- Update the inclusion list custom action to reference the Microsoft.VisualStudio.Tools.Office.Runtime.v10.0 assembly. At this point, you may have one installer for computers with Office 2007 and the VSTO 3 runtime, and a second installer for computers with Office 2010 and the VSTO 2010 runtime.
- Remove the inclusion list custom action from your MSI and install to the Program Files directory. The VSTO 2010 runtime considers all Office solutions installed to the Program Files directory to be trusted already, so the ClickOnce trust prompt does not appear.
- Install both the VSTO 3 runtime and VSTO 2010 runtime on the computer. This way, the correct assembly is located on the end-user computer, and the installer can create the inclusion list entry for the certificate.
Mary Lee, Programming Writer.