Preventing the Dynamics CRM Outlook add-in from creating contacts, forever

It’s an ongoing issue here wherein a misconfigured / misbehaving Outlook client sometimes creates duplicate or redundant contacts in our CRM, and I’ve seen many blog posts and forum threads discussing the various ways of getting around it.  Unfortunately they all require user-specific configuration, whereas I wanted to banish the problem across the board once-and-for-all.  Completely by accident I came across a solution, which in retrospect is extremely obvious and I’m rather embarrassed that I didn’t figure it out sooner!

It all hinges on the fact that the Dynamics CRM website will execute javascript on the form, and of course the Outlook add-in will not, as no form is loaded (although there is a way to get one, which is covered here too).

Add a boolean field to your contact entity called “Permit Creation”, which defaults to no.
Add it to the contact form, but mark it as hidden.
Add the following javascript to the contact form in the page load event:

if(!Xrm.Page.context.isOutlookClient() && Xrm.Page.ui.getFormType() == 1)

(The isOutlookClient() / getFormType() check isn’t really needed for this, but prevents people from accidentally creating contacts via forms in Outlook too, if that’s what you want)

Next, create a CRM plugin using Visual Studio that does the following:
(obviously this is not the complete plugin code, just the part that matters)

bool permitted = (bool)entity.Attributes[“new_permitcreation”];
        throw new InvalidPluginExecutionException(“Contacts may only be created via the CRM website.");