Running NodeXL in a Locked Down Corporate Enviroment - Trusted Publishers

Feb 9, 2014 at 10:21 PM
Hi, We have an issue deploying NodeXL within a corporate environment, our Excel 2010 policy enforces the setting "Require Application Add-ins to be signed by Trusted Publisher".

When attempting to run NodeXL in this configuration we get an error :-

Name: Smrf.NodeXL.ExcelTemplate
From: file:///C:/Program Files (x86)/Social Media Research Foundation/NodeXL Excel Template/Smrf.NodeXL.ExcelTemplate.vsto

************** Exception Text **************
System.Security.SecurityException: The solution cannot be installed because it is signed by a publisher whom you have not yet chosen to trust. If you trust the publisher, add the certificate to the Trusted Publisher list.
at Microsoft.VisualStudio.Tools.Office.Runtime.OfficeAddInDeploymentManager.VerifyAddInTrust(ClickOnceAddInTrustEvidence evidence)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext context, Uri manifest, AddInInstallationStatus installState)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
The Zone of the assembly that failed was:

Normally in this situation I would locate the associated certificate used to sign the add-in, add this to our AD Trusted Publisher Certificate Store and everything would be fine, but Ive been unable to locate a certificate within the NodeXL code. I have noted within the VSTO file a publisher Identify of "CN=Social Media Research Foundation" but cannot find an associated cert.

Ive confirmed on a test machine that removing the "Require Application Add-ins to be signed by Trusted Publisher" setting resolves the issue, but unfortunately our security policy does not allow for this to be deactivated.

Any Ideas ?
Feb 11, 2014 at 5:31 AM

I might have a solution for you.

We happen to have recently overhauled the NodeXL setup program. The new version is now a pure "ClickOnce" deployment, the effect of which is that you will now install NodeXL just once, and it will update itself automatically when there are new releases. That wasn't the prime motivation for the overhaul--it was more about simplifying a complex setup that had caused too many problems over the years--but it was a nice side effect.

Another side effect is that the new version, unlike the old one, is signed with a certificate obtained from a trusted authority, Comodo. That was a requirement imposed on us by ClickOnce, but it might happen to also meet the needs of your company's security policy.

The new version, which is called "NodeXL Excel Template 2014," is still being privately tested. I'm looking for more beta testers. Would you be interested in trying it on one of your company's computers?

-- Tony
Feb 12, 2014 at 11:20 AM
Hi Tony, thanks for getting back to me, thats sounds very encouraging. Im happy to test out the new version in our enviroment to see if it resolves our current issue.

Feb 12, 2014 at 8:17 PM

Good. I'll contact you separately with installation instructions.

Here are a few technical notes that might be relevant for your environment:
  • The new NodeXL setup program will do a one-time install of "Visual Studio 2010 Tools for Office Runtime" if it is not already on the computer. Microsoft claims that this runtime is included in Office 2010 and 2013, but I haven't found that to be the case: The NodeXL setup program has had to install it in every test I've run. It can also be downloaded and run separately from This is a per-machine install.
  • The new NodeXL setup program will also do a one-time install of .NET Framework 4.0 if it (or a newer version) is not already on the computer. Newer computers already have this. This is a per-machine install.
  • Finally, the new NodeXL setup program will install the NodeXL Excel Template itself. Unlike the other two items, this is a per-user install, and it does not require administrator rights. If the Template needs to be used by several people, each will have to run the NodeXL setup program. That's actually pretty quick, once the previous two items are taken care of.
-- Tony