
Point2Share | Daniel McPherson's SharePoint Blog


October 19
#spc09 Notes: Sandboxed Solutions

This is the first of a series of notes I will be making while attending the SharePoint Conference in Vegas. These are not intended to be complete, polished, edited blog posts. It's simply the highlights, as I saw it, from the sessions I attended.

  • It's all about balancing Security/Stability and Business Agility
  • Sandboxed solutions balance these two things out.
  • Sandboxed solutions should be the default approach to developing solutions on SharePoint. You build them this way UNTIL you hit a limitation you just can't get around.
  • Difficult to come up with a list that describes what you can do with Sandboxed Solutions:
    • Content Types, Site Columns
    • Custom Action
    • Declarative Workflows
    • Event Receivers
    • Feature receivers
    • List Definitions, non-visual web parts
    • Site Pages
  • What is the Sandbox?
    • It's a separate process where your solution runs
    • It works with a limited set of APIs and has additional Code Access Security policies applied to it.
    • Solutions for the sandbox are focused on the Site Collection
    • All sandboxed solutions have detailed monitoring via the Central Administration
  • Puts the power back into the hands of the IT Admin.
  • Separate process:
    • UserCodeService – Runs on each server in the farm which is allowed to host the sandboxed solutions.
    • Sandbox Worker Process – This is where the solution runs
    • Sandbox Worker Process Proxy -
  • Sandboxed solutions use a subset of Microsoft.SharePoint
    • Important: Missing Enterprise objects
    • I think there are some great solutions to be built, but this list did look quite limiting.
    • CAS Policy limits allow a solution assembly to load and use the SP OM. It cannot touch any external resources.
      • There is a Full Trust Proxy; this is possible through it, but it is tightly controlled
  • Solution Gallery
    • Document Library for SharePoint Sandboxed Solutions
    • Empowers the Site Collection administrators to choose what solutions they need.
    • Resource quotas can lock down the amount of server resource a solution can use
  • The binaries are in 14\Usercode
    • Web.Config in this folder includes the reference to the CAS Policy
  • To Visual Studio there is no difference between a Sandbox solution and a Farm solution.
    • The actual changes to the files are minimised, just an AssemblyInfo.cs change
    • “AllowPartiallyTrustedCallers” is set for Sandboxed Solutions
  • Sandbox Architecture
    • The Execution Manager runs on the front end and brokers requests through to the “Back End” systems which are hosting the Host Services. The Host Services spin up the required worker processes, which then use the Worker Process Proxy, which then makes the real calls to the OM
    • Wonder what the overall performance impact is of this?
    • The worker processes can be shut down if they start to do bad things, isolating the disaster
  • Code Access Security
    • Cannot access any resources out of the Sandbox
    • Uses an API Blocklist. This means the Farm Administrator can further lock down the APIs that can be used. It does not mean you can change the basic subset; that limit will always be there.
  • Full-Trust proxy is the way you break out to do more in your applications
    • It is a fully trusted piece of code you can call in your applications
    • Full Trust proxy does just a specific task, for example, read from ERP systems
    • Create a class that inherits from SPProxyOperationArgs (this just passes arguments) –> goes in the GAC
    • Then another that inherits from SPProxyOperation, this does the job –> goes in the GAC.
    • From your sandboxed solution you then call it.
    • Once you have written these, then you need to register them with SharePoint
    • The idea here is to create a set of trusted APIs that can be leveraged by all SharePoint developers.
  • Sandbox solution execution can be load balanced across the farm.
    • You can also set up a dedicated set of servers whose job is to run the sandboxed solutions
  • Solution Validation
    • Administrators can block solutions
    • Can create a “Solution Validation” object which then interrogates the solutions.
    • Very interesting, this is pretty sophisticated stuff.
    • Solution Validators inherit from SPSolutionValidator
    • Could check things like:
      • location of files
      • can validate based on many properties of the package, and everything in it.
    • Deployed as a Farm Level solution
  • Solution Monitoring
    • Resource points can be used to manage the resources on the server.
    • If a solution uses too many resources, then it is stopped for the day
    • Helps to identify expensive solutions
    • There are 14 measures in all. They have different units of measurement of course; these are boiled down to the resource points
    • You set points across the various measurements
    • This is done per site collection
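
The Full-Trust proxy steps in the notes above (an arguments class, an operation class, registration), as an added example that is not code from the session or the original post. The `Contoso.ErpProxy` namespace, the class names, the id format and the placeholder ERP read are assumptions; the point shown is that the operation runs with full trust and so must validate everything the sandboxed caller passes in.

```csharp
using System;
using System.Security;
using System.Text.RegularExpressions;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.UserCode;

// Lets partially trusted sandbox code call into this GAC-deployed assembly.
[assembly: AllowPartiallyTrustedCallers]

namespace Contoso.ErpProxy // hypothetical names throughout
{
    // Arguments are passed between processes, so the type must be serializable.
    [Serializable]
    public class ErpLookupArgs : SPProxyOperationArgs
    {
        public string CustomerId { get; set; }
    }

    // Runs with full trust: everything in args comes from sandboxed code and is untrusted.
    public class ErpLookupOperation : SPProxyOperation
    {
        // Assumed id format; \A and \z anchor the whole string, including newlines.
        private static readonly Regex IdPattern = new Regex(@"\A[A-Z0-9]{1,12}\z");

        public override object Execute(SPProxyOperationArgs args)
        {
            ErpLookupArgs lookup = args as ErpLookupArgs;
            if (lookup == null || lookup.CustomerId == null || !IdPattern.IsMatch(lookup.CustomerId))
                return null; // reject anything that is not a well-formed id
            return ReadCustomerName(lookup.CustomerId); // one narrow task only
        }

        private static string ReadCustomerName(string id)
        {
            return "customer:" + id; // placeholder for the real ERP read
        }
    }

    // Registration step, run with farm administrator rights.
    public static class ErpProxyRegistration
    {
        public static void Register()
        {
            SPUserCodeService service = SPUserCodeService.Local;
            service.ProxyOperationTypes.Add(new SPProxyOperationType(
                typeof(ErpLookupOperation).Assembly.FullName,
                typeof(ErpLookupOperation).FullName));
            service.Update();
        }
    }
}
```

The sandboxed solution then calls `SPUtility.ExecuteRegisteredProxyOperation` with the proxy assembly's full name, the operation's type name and an `ErpLookupArgs` instance, and gets back whatever `Execute` returns.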
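
A solution validator of the kind described under Solution Validation above, as an added example that is not code from the session or the original post. The class name, placeholder GUID and extension allow-list are constructed for illustration; the validator blocks a package when any file in it has an extension outside the list.

```csharp
using System;
using System.Runtime.InteropServices;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.UserCode;

namespace Contoso.Validation // hypothetical names throughout
{
    [Guid("00000000-0000-0000-0000-000000000001")] // placeholder GUID
    public class ExtensionAllowListValidator : SPSolutionValidator
    {
        private const string ValidatorName = "Contoso extension allow-list";
        // Constructed allow-list; tune it to what your farm permits.
        private static readonly string[] Allowed = { ".xml", ".dll", ".aspx", ".webpart" };

        public ExtensionAllowListValidator() { } // needed for deserialization
        public ExtensionAllowListValidator(SPUserCodeService service)
            : base(ValidatorName, service)
        {
            Signature = 1; // version stamp for this validator's rules
        }

        public override void ValidateSolution(SPSolutionValidationProperties properties)
        {
            base.ValidateSolution(properties);
            properties.Valid = true;
            foreach (SPSolutionFile file in properties.Files)
            {
                string location = file.Location ?? string.Empty;
                int dot = location.LastIndexOf('.');
                string ext = dot < 0 ? "" : location.Substring(dot).ToLowerInvariant();
                if (Array.IndexOf(Allowed, ext) >= 0) continue;
                properties.Valid = false; // block the whole package
                properties.ValidationErrorMessage = "File type not permitted: " + location;
                return;
            }
        }

        public override void ValidateAssembly(
            SPSolutionValidationProperties properties, SPSolutionFile assembly)
        {
            base.ValidateAssembly(properties, assembly);
            properties.Valid = true; // per-assembly checks would go here
        }

        // Call from a farm-scoped feature receiver; validators deploy at farm level.
        public static void Register()
        {
            SPUserCodeService.Local.SolutionValidators.Add(
                new ExtensionAllowListValidator(SPUserCodeService.Local));
        }
    }
}
```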


Tobias Zimmergren

Great notes mate. I've got some of my own I'll need to post some day soon..
System Account on 27/10/2009 07:22

Arash Aghajani

Great post!
System Account on 01/11/2009 23:37

