SandBoxed Solution

Shakir Majeed Khanhttp://sharepointtechies.wordpress.com/

MySelf

User Group Leader of SharePoint Techies, Working independently on SharePoint technologies. Trainer for  Microsoft Office SharePoint Server 2007 and  Window SharePoint Services 3.0 at AUC Technologies. 

http://junooni.wordpress.com/ shakir.majeed@gmail.com www.facebook.com/shakir.majeed

Outline

Application Hosting and CustomizationIntroducing Sandboxed SolutionsExecuting Code in the SandboxSandbox Resource Monitoring

Application Hosting and Customization

SharePoint 3.0’s Challenge

Developers build custom solutionsAdministrators can only secure solutions with CASHard to control what is being done in custom code

Biggest cause of SharePoint support cases: custom code

Design, build, and test customizations

Developer

Install and monitor customizations

Administrator

Activate and use customizations

Site Collection Owner

SharePoint 2010 Approach

Developers build custom solutionsSite collection owners deploy, activate and implement the customizationsAdministrators leverage resource monitors to check site collection usage

Automatic triggers “turn off” custom solutions in a site collection that are too expensive and taxing on the server

Design, build, and test customizations

Developer

Monitor customizations

Administrator

Deploy, activate and use customizations

Site Collection Owner

Introducing Sandboxed Solutions

Sandboxed Solutions

Allow a subset of ‘full’ solution features

Code executes in sandbox

Are deployed by a Site Collection administrator

Stored in the Solution Gallery

Introducing Sandboxed Solutions

Sandboxed solution: site collection owners can upload to SharePoint

Empowers site collection owners to deploy new functionality w/o involvement of IT

Local/remote development options

Self-regulating and monitored by ITLimited set of permissions & functionalityResource quotas established & monitored by IT

Secure: site collection owner is in control

Sandboxed Solutions Help Enterprises

Sandboxed solutions are important because

Solve SharePoint hosting issues in corporate environmentsHosted environments much easier to manage

Reduces time to deploying custom solutions

Removing process of getting code approved and deployed by IT

Improves stability of SharePoint serversNow badly performing code isolated to site collection rather than potentially bringing down an entire server

Overview of the Sandbox

Allows a subset of the full capabilities in the SharePoint APISecure – enforcing the sandbox

Execute in a partially trusted environmentCode executes in a special service processSubject to CASValidation framework

Provides way to do custom farm wide validation for the deployed packages

Each solution is isolated to its site collection

Sandboxed Solution LifecycleInstallation• Upload into Solution Gallery• Solution is validated upon installation

Activation• Auto-activates features

Deactivation• Inert operation, extended by developer • Web Parts no longer execute

Deletion

Sandboxed Solution Elements

Web PartsListsList TemplatesCustom ActionsWorkflowsEvent ReceiversContent TypesSite Columns…

Installing & Running Sandboxed Solution

Executing Code in the Sandbox

Sandboxed Solutions Process

Root SPWeb of SPSite

Solution galleryWebParts.wsp

Web Part gallery

Per-WFE AssemblyCache

<siteguid>\company.intranet.webpart.wsp\company.intranet.dll

Sandboxed Code Serice

1

2 5

6

7

4

3

The Subset Object Model

In generalSPSite and below

No SPSecurityNo SPSite construction

SPSite

SPWeb

SPList

SPListItem

Sandbox

Sandbox and Code Access Security

AspNetHostingPermission, Level=MinimalSharePointPermission, ObjectModel=trueSecurityPermission, Flags=Execution

Full Trust

wss_usercode.config

User Code

Framework Code

My.dll

Other.dll System DLL

SharePoint DLL

SharePoint OM

API Block List

Compiling vs. Executing Sandboxed Solutions

Visual Studio 2010uses IntelliSense tohide full-trust typesAll code is compiled against the full APIThus, no “sandbox” check at compile time… only at runtimeWorkaround: change the Microsoft.SharePoint.dll project reference to reference the sandbox’s version

[..]\14\UserCode\Assemblies\Microsoft.SharePoint.dll

NOTE: Switch it back before deployment!Use this as a temporary test - do not deploy code that references the sandbox’s assembly

Full Object Model Subset Object Model

MyWebPart.dll

Proxy

Runtime

Creating a Sandboxed Solution with VS 2010

Demo

Thank You

Facebook: http://www.facebook.com/shakir.majeedBlog: http://junooni.wordpress.com/Email: shakir.majeed@gmail.com