I was excited about the possibilities of generating custom Word 2003 documents on the fly using the ServerDocument object in Visual Studio Tools for Office 2005. My goal was to show how you could fill out a form on an ASP.NET 2.0 Web page, click a button, and download a custom document or have it emailed.
After investigating the error "System.Security.SecurityException: That assembly does not allow partially trusted callers", I discovered a severe limitation in the technology: it's almost impossible to use on public Internet sites because of the security model.
My ISP, ServerIntellect, runs ASP.NET pages with less than Full Trust, which makes sense. They kindly installed the VSTO 2005 runtime components. However, VSTO 2005 requires Full Trust permissions even when in the GAC.
According to MS Support, the "solution" is to create a Full Trust wrapper around VSTO's stuff, and tag the wrapper with AllowPartiallyTrustedCallersAttribute to allow it to run under partial trust. Trouble is, my wrapper would have to go into the GAC and an ISP would be understandably reticent about allowing that on a shared server.
The upshot is that unless you have direct control of the Web server, you'll have a rough time getting this to work. I'd love to be told I'm wrong about all this because it's really disappointing to limit this fine capability to corporate sites and intranets.