Nov 23, 2012

Infopath Filler 2007 managed code security problem

I had created an Infopath Filler 2007 form with managed code and domain level security to read an InputParameter from the query URL. I could publish the form to SharePoint 2010 Foundation (no Infopath Services) without a problem and the new document link would open Infopath from the browser, but the managed code wouldn't run. And no error message was shown. Previewing the form locally gave a message saying the code was not allowed.

 Step 1: Deactivate Internet Explorer Enhanced Security if you are working in Windows Server 2003 or 2008 and lower the security to minimum. Infopath takes its security directives from IE (http://msdn.microsoft.com/en-us/library/office/bb251020%28v=office.12%29.aspx)

 After step 1, I got this error:

System.Security.SecurityException
Request failed.
   at Microsoft.Office.InfoPath.MsxmlNavigator.IsValidNode(MsxmlNode test)
   at Microsoft.Office.InfoPath.MsxmlNavigator.MoveToFirstChild()
   at MS.Internal.Xml.XPath.XPathChildIterator.MoveNext()
   at MS.Internal.Xml.XPath.ChildrenQuery.Advance()
   at MS.Internal.Xml.XPath.ChildrenQuery.Advance()
   at MS.Internal.Xml.XPath.ChildrenQuery.Advance()
   at MS.Internal.Xml.XPath.XPathSelectionIterator.MoveNext()
   at System.Xml.XPath.XPathNavigator.SelectSingleNode(XPathExpression expression)
   at System.Xml.XPath.XPathNavigator.SelectSingleNode(String xpath, IXmlNamespaceResolver resolver)
   at ContactForm.FormCode.SubmitToList()
   at ContactForm.FormCode.cmdSubmit_Clicked(Object sender, ClickedEventArgs e)
   at Microsoft.Office.InfoPath.Internal.ButtonEventHost.OnButtonClick(DocActionEvent pEvent)
   at Microsoft.Office.Interop.InfoPath.SemiTrust._ButtonEventSink_SinkHelper.OnClick(DocActionEvent pEvent)

Step 2: Install SP3 for Office 2007 which updates the MSO core dll where the security problem lies.

Problem solved.

No comments:

Post a Comment