Outlook attachments can not be trusted?
So I ran into an issue today..
I developed a VSTO 2010 Word document-level customization. I discovered when a document that has been created with this customization is sent via email and opened within Outlook, you will undoubtedly receive the following nice message:
Microsoft.VisualStudio.Tools.Applications.Runtime.CannotCreateCustomizationDomainException: This document contains custom code that cannot be loaded because the location is not in your trusted locations list: Test2 (3).doc. If you trust this document you can save and open it from a location on your computer. For more information, see http://go.microsoft.com/fwlink/?LinkId=99104.
So this customization is being developed for a small internal organization which frequently will be emailing such documents back and forth to each other. Working around this error message every time they attempt to open a customized document will become more than just a nuisance! So the first instinct is to attempt to simply trust this location where this document is being opened from. By default, when opening an Outlook attachment directly, it will copy it to the “Temporary Internet Files” special folder for that user. So in the case of the document above, I found this location to be:
C:\Users\khalidk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\R4L3TC12\Test3.doc
So perhaps a first instinct of some people would be to try to trust this location. Opening Microsoft Word, and going to “Options”->”Trust Center”->”Trust Center Settings”->”Trust Locations”->”Add new location..”
And then providing this path: “C:\Users\khalidk\AppData\Local\Microsoft\Windows\Temporary Internet Files” with the “Subfolders of this location are also trusted” option checked, will result in the following error dialogue box:
So, Microsoft has decided that Outlook attachments can never be trusted; This article talks about how Outlook attachments default to being opened under “Protected View” mode :
http://office.microsoft.com/en-us/word-help/what-is-protected-view-HA010355931.aspx
Enable Protected View for files that are located in potentially unsafe locations This refers to folders on your computer, or network, which are considered unsafe, such as the Temporary Internet folder.
However even enabling protected view for Outlook attachments will not trust the location – the 2 are different concepts.
In my next blog post, I will post a work around solution for how to get around this annoyance. It’s worth noting first off the sequence of events that take place when initializating the “trust” status of a document:
http://msdn.microsoft.com/en-us/library/bb157863.aspx#GrantingTrustToSolutions
Note that the very first check is to confirm whether the document is in a “trusted location” folder. So even signing the document/customization with a certificate would not get around this. A question I have is why doesn’t the workflow first check to see if it’s signed before checking the “trusted location” folder? Anyway, in the next blog posting, I will walk through an add-in I developed to allow the users to open these customized documents flawlessly as if they were trusted.
khalidk7 