I faced really strange limitation of the MS Dynamics CRM, that is not covered anywhere in documentation.
It's is possible to create entities of sdkmessageprocessingstep type from within plugin, thus subscribing plugin to the events on demand, however it's not possible to perform reverse operation — delete these steps, or at least disable them.
CRM fires exception in case if Delete message is called for sdkmessageprocessingstep, however the same code works just fine, when executed from command line application for example.
Have anybody faced with the this issue before? What's the reason of it? Do you know any approach how to work around it?
It is indeed possible to delete plugin steps from within plugin code. However, the user must still be authorized to do this.
For sandboxed plugins it is enough to have the appropriate entity privileges.
For plugins registered for full trust mode the user must be a member of the deployment administrator group. Also, the plugin code must be executed on a thread impersonating the Windows account of the administrator. This implies that this only works in an OnPremise environment and within the company network.
Before you delete a plugin step, you may need to delete associated pluginstepimages first.
Related
We are developing a COM Add-In for Microsoft Word (only local, not for cloud usage). One of our customers had the problem, that each time he started Word, he had to manually activate the Add-In (Word Options > Add-Ins > Go... > tick the checkbox for the corresponding Add-In). I could reproduce this behavior by forcing an error in the Add-In coding which caused Word to crash. When starting Word the next time, I got the following message:
Of course I saw this message several times before. But: back then the consequence of clicking on "Yes" was that the Add-In was disabled. In that case it was sufficient to re-enable it one time (as described above). The next time the Add-In was started, you didn't have to enable it any more.
But now, additionally to disabling the Add-In, there is a registry key created. That key has the name of the Add-In and is located at the following path: HKEY_CURRENT_USER/SOFTWARE/Microsoft/Office/15.0/Word/AddInLoadTimes.
And it seems that this key causes the behavior described at the beginning. Because if I delete the key, start Word, enable the Add-In, close word, set the "LoadBehavior" key in the registry to "3" and then restart word, everything is fine again.
Now my question: is there a user-friendly alternative to enable the Add-In? Since the fewest of our users have administrative privileges, we cannot ask them to change some registry keys in order to fix the problem.
I hope that someone can help me with this.
Best regards
Timo
The path we took to avoid this issue, was to check in the code any static initialize methods / properties (which are invoked when word tries to activates the addin), which potentially could throw exceptions (IO work, REST api requests ... etc) and added to them try / catch blogs with some notification to the user that the activation of the addin failed + logging of the exception.
Side Note: At the time we have struggled the same issue we could not find anything but the registry key which you have mention to resolve this behaviour, but we faced the same security restriction, so this was not an option.
Not knowing much about your add-in, I can think of 2 possibilities:
Since the registry key is in HKCU (which is normally fairly accessible) why not create a 2nd 'helper add-in' that checks for problems with this key and resets it when required?
Otherwise you could use Inno Setup to create a dummy installer that does this for you?
I think this is possible because your target location is HKEY_CURRENT_USER/SOFTWARE/Microsoft/Office/15.0/Word/AddInLoadTimes (i.e. HKCU) which usually can be modified without admin rights: Changing registry without admin rights
Solution seems to go to Options > AddIns, then click GO aside Word Add-ins:
Then select desired one and click ENABLE/DISABLE.
I've successfully implemented a Pluginsystem in my WPF-Application:
Every Plugin has its own *.dll to be loaded and instantiated at the start of my App.
Are there any security issues caused by the fact that someone could develop a plugin and write everything in the constructor she/he wants to?
If so, how could I prevent this?
Think what you are looking for is AppDomain, here you can create an isolated sandbox and grant permissions for the running code. For example a specific folder for reading/writing.
https://msdn.microsoft.com/en-us/library/bb763046(v=vs.110).aspx
Is this possible to put any scripts with the Setup Project in .NET C# so that I can delete couple of rows from a table or to delete the entire tables from database while uninstalling the setup from control panel? I need all the data to be removed from its database when the windows application is uninstalled
You may have to define exactly what "it does nor work for me" means. That code is an uninstall custom action, but it won't be called unless you've added it to the setup project as an uninstall custom action, if that's what you mean by it not working. This stuff does work, assuming you add it as an uninstall custom action.
Another way in which it will not work is that you probably won't see a console.writeline working. This is not application code running in the interactive user's shell. This is a callback from an msiexec.exe process running with the system account, so it most likely won't let you do anything to interact with the interactive user's desktop, and it's not clear to me what happens if you attempt to write to the system account's console because I doubt that it has one. That also means that if you're going to add code to delete tables from the database then the database needs to allow access by the system account, something that might not be allowed by default.
Just delete tables from sql and then do unistallations
drop tablename
delete *row from tablename where condition
I work for a company that develops a CRM tool and offers integration with MS Office(2003 & 2007) from windows XP to 7. (I'm working using Win7)
My task is to call an Outlook instance (using C#) from this CRM tool when the user wants to send an email and prepopulate with data of the CRM tool (email, recipient, etc..)
All of this already works just fine.
The problem I'm having is that Outlook's "object model guard" is throwing com Exception
(Operation aborted (Exception from HRESULT: 0x80004004 (E_ABORT)))
the moment I try to read a protected value from the mailItem (such as mail.bodyHTML).
Example Snippet:
using MSOutlook = Microsoft.Office.Interop.Outlook;
//untrusted Instance
_outlook = new MSOutlook.Application();
MSOutlook.MailItem mail = (MSOutlook.MailItem)_outlook.CreateItem(MSOutlook.OlItemType.olMailItem);
//this where the Exception occurs
string outlookStdHTMLBody = mail.HTMLBody;
I've done quite a bit of reading and know that my Outlook Instance (derived by using new Application) is considered untrusted and therefore the "omg" kicks in.
I do have a workaround for development:
I'm running VS2010 as Administrator and if I run Outlook as Administrator as well - all is good. I suppose this is due to them having the same integrity levels(high) and the UAC(?) is not complaining. But that just ain't the way to go for deployment.
Now the question is:
Is there a way to obtain a trusted instance of Outlook so that I can avoid this exception?
I've already read that when developing an Office Add-In using VSTO one can obtain a trusted Instance from the OnComplete event and/or using "ThisAddin"
But I "merely" want to start an outlook instance and preopulate it, and do not want to develop an Add-In since this is not the requirement.
And to make it clear - I have no problem with pop ups informing the user that outlook is being accessed - I just want to get rid of the exception!
So how can I get around this problem using code?
Any help is highly appreciated!
Thomas
Take a look at Dimitry's Redemption Lib, It was designed to do exacly this.
Well,
I've already spent way too much time and energy on this question so I think I came up with a pragmatic workaround for my particular case - but no real solution!
The problem is apparently due to the programms running at different integrity levels (Outlook = medium, VS2010 = admin or high). Office runs by default on a medium level and so will my future application once deployed. So there shouldn't be any trouble, since if the CRM and Outlook run at the same level, there's no problem.
For development I just let em both run on high, or medium (starting my compiled files from the debug folder).
In any other case a Messagebox warning is shown informing the user of the different integrity levels that cause an exception and prevent access.
At the code level, when I try to read any (by Outlook) prepolutated, protected properties and the object model guard raises the exception, I just catch it and use default values instead.
Why I had to read them in first place is currently beyond me - but so were the specs which were handed to me.
Anyway thanks for reading and if I ever come up with a solution I'll be sure to psot it - until then keep in mind that a pragmatic solution is better then none!
Happy Father's Day everyone!
I am trying to write a test which, in it's fixtures Setup, it backs up a file and deletes the original, runs the test without the original present, then in the teardown, restores the original from the backup. The file is located in my %ProgramFiles% folder. I get an UnauthorizedAccessException on the fileInfo.Delete() statement. I have no problem deleting this file from another test project on the same machine that is not running from the Resharper Test Runner.
I can't move the file to somewhere else - it's ssapi.dll, an installed dll for Visual SourceSafe. (Yes, I'm doing something invasive in a Unit Test.)
It's the same user (me) for both ways -- I checked it via Task Manager. My user account is a member of the local Administrators group. What other factors are there which determine my "Authorization" to do something with a file?
RESOLVED: Though it doesn't answer my original question (which I'd still like to know the answer to), I have found a workaround for my testing purposes, using the System.Security.Permissions framewok, doing a Demand for FileIOPermissionAccess.Read in the app (non-test) code which requires the file (for an Interop call), and a Deny for the same in the test of that code which requires a scenario that that file is not there. This should work for now (and I love having learned a bit about the System.Security.Permissions namespace)!
Not really a solution, but I'd consider fixing this problem from a different angle.
You could perhaps consider changing the directory to %AppData% (you might need to make this change for you main application also).
It might solve your problem and also will see you well when you move to Vista, since UAC could stop you (or the application user) from using the %ProgramFiles% directory.
It is possible that ReSharper is running its Test Runner as a separate process, and that separate process is not using your Windows identity but, instead, another one with lower privileges.
You might be able to verify this opening Task Manager and checking Show processes from all users.
You can probably fix this by giving your user account full access to that folder.
Navigate to the folder in windows explorer. Right click on the folder and select properties. Select the security tab, then the Edit button, and add full control for yourself. Yes - I suppose it's a potential security issue, but you have to change the files in that directory, and you seem to know what you're doing, so it should work.
You could activate auditing for the file, and check the error message in the event log. Note that you have to turn on auditing in two places, once under Local Security Policy/Local Policies/Audit Policy and once on the file itself.
This would not solve the problem, but would at least help diagnose the problem.
Are you running Vista or Server 2008 with UAC turned on? If yes, this might be the cause - the test runner process might not be in "elevated" mode.