Attention: We are retiring the ASP.NET Community Blogs. Learn more >

Signing an assembly using Authenticode does not help for Office managed com AddIN

For a particular  managed com addin, The default value for the InprocServer32 key (see Figure 2). Instead of the path to a managed code DLL file, it points to the mscoree.dllthe main entry point of the common language runtime engine. (The InProcServer32 key is created by the RegAsm.exe utility earlier. The default value is set to mscoree.dll.)

Click here for larger image

Figure 2. CLSID InprocServer key entries for a managed code COM class exposed through COM Interop

Here is why signing an assembly using Authenticode does not help. Since the InprocServer32 key points to mscoree.dll, Office XP will examine mscoree.dll for the signature and not the assembly itself. Mscoree.dll is a system component and is not signed. As such, when the Office XP security is set to High with Trust all installed add-ins and templates disabled, the mscoree.dll won't be loaded.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnoxpta/html/odc_shim.asp

Thannks,

-Suresh

No Comments