Microsoft Excel Security Notice when testing the VS sample

Nov 29, 2012 at 1:12 PM

Hello,

I am interrested to use VS2010 to create an Excel-DNA add-in for XL2010.
Therefore I tested the VS sample provided with Excel-DNA.

When loading the Addin, I get a "Microsoft Excel Security Notice".
It says:

" Warning: There is no digital signature available "
" File Path: C:\.....\SampleCS.xll "
" This application add-in has been disabled. "
"  ... "

I can then chose to enable this add-in for the current sesion only.
Therefore, I need to answer this security notice everytime I need to use this addin.

Is there an easy way to avoid this annoyance?
Would there also be a way to avoid this when I will distribute my add-in later when it is ready?
Could that be done without re-compiling Excel-DNA? (and still being easy!)

Thanks for your suggestions,

Michel

Coordinator
Nov 29, 2012 at 1:32 PM

Hi Michel,

Indeed, you are opening an unsigned add-in, and your Excel is set to prompt in this case.

You have a few options:

- Change the Excel security settings to enable all macros (File->Options->Trust Center->Macro Settings->Enable all Macros).

- Add your add-in's location to the list of trusted locations.

- Install your add-in to open automatically every time (press alt+t, i to get the dialog, or go to File->Options->Add-Ins -> Manage: Excel Add-Ins).

- Pack your add-in into a single file .xll and sign it with Signtool.exe (http://msdn.microsoft.com/en-us/library/8s9b9yaz.aspx).

Regards,

Govert

Dec 2, 2012 at 9:02 AM

Hello Govert,

Thanks a lot for the overview.

I have not yet decided how to proceed with my project.
I expect to combine an ExcelDNA package for the UDFs I need, together with a VSTO project.
The UDFs will involve existing VB code and C code.
I understand this cannot be handled by the ExcelDnaPack tool.
Would it be possible to sign without packing?

Since this project will have to be installed by many end-users on their PCs, I need a simple/silent installation procedure.
Also, to make sure I remember later what I did, I would also like to have everything done possibly in the build process.

Would you have any suggestion?

Thanks again,

Michel

Coordinator
Dec 2, 2012 at 9:44 AM

Hi Michel,

What do you plan to do in the VSTO Project? Your life will be easier without it.

Unmanaged code can't be packed in the .xll at the moment, but the rest can be packed (and signed) and still use the unmanaged .dlls separately. Not sure how important security on the unmanaged code is for you. I guess you could do some checksum check on the files before loading them, or you could store the unmanaged libraries in your .NET library as resources, extract to a temp directory at runtime, and load with LoadLibrary.

You can sign the .xll whether stuff is packed or not. It just gives you no security if you sign it but the user can change the .dll to anything he wants. If the .dna file and your managed .dll are packed, then signing the .xll means the code that runs is the code you signed.

I'm not sure how you would deal with the installation... It depends a lot on your environment. Either you use a network share or you need to get a file on their machine, and then open it in Excel once - the add-in can register itself so that it will always load in future.

Regards,

Govert

Dec 2, 2012 at 2:22 PM

Hello Govert,

Thanks for your answer and your excellent questions!

Concerning the importance of security for me: it is not important at all.
Those people who will use my software know me personally and should receive some kind of install file.
In other words, for me security is not more than a loss of time.
It just makes things a bit more complicated without any good reason in my case.
I want to sign stuff only because otherwise the install won't work.

The first reason I want to use VSTO is that I used it already before.
This will be a dedicated VSTO workbook project.
I had a good experience with VSTO for that.
I could easily create dedicated sheets with some programmed behaviour, almost in the same way as I did in VBA.
I am new to Excel-DNA, and I don't know if it could be a replacement for this kind of task.
For example, in VSTO it was rather easy to create event-code.
I also expect creating ribbon tabs will be easy (I never did it till now).

However, I think it would not be a problem if the installation would have to be done in two separate steps.
One for the UDF part of it, and one for the VSTO part of it.
If the install could be done by the end-user by not more than two double-clicks, it would be perfect.

Thanks for your suggestions,

Michel