Notes & Limitations of SharePoint 2010 Sandbox Solutions 

Since the release of SharePoint 2010 Beta, sandboxed solutions has been a topic that has garnered a mixed bag of reactions. Whether you agree that it is the ‘save all’ fix to isolate risk or that it is limiting, this post will attempt to aggregate some notables regarding sandboxing.

 

Sandboxing is easily described to be a method of deploying your custom code to SharePoint, without running the risk of bringing the entire farm down. Solutions that are sandboxed reside inside a site collection and restrict access to data or items that reside outside of that site collection.

 

Paul Stubbs has a great article here describing sandboxed solutions:

http://msdn.microsoft.com/en-us/magazine/ee335711.aspx

The items that jumped out at me:

  • Sandboxed solutions do not run under the w3wp.exe IIS worker process.
    • Instead it uses SPUCWorkerProcess.exe
  • Visual Studio compiles against the full version of the SharePoint API, but at runtime, SharePoint swaps out the full API for the sandboxed API, and this API is what your code runs against.
    • Obviously Intellisense will kick in, blocking APIs based on the radio button regarding Sandbox or Farm Solution when you first create your project in VS2010. However, if you copy and paste code inside Visual Studio, it will compile without error!! You have to wait until the code executes to receive an exception.
  • The best way to reach out of the sandbox is by using the Business Connectivity Services (BCS) to create an external content type
    • Full –trust proxy is another option that is callable from the sandboxed solution.

 

Sahil Malik does a good job introducing Sandbox Solutions also:

http://blah.winsmarts.com/2009-12-SharePoint_2010_Sandbox_solutions__Architecture_and_Restrictions.aspx

In this post, a trick to assist in checking if you are using any of the restricted APIs is listed. (for all you people that copy and paste code)

 

Both bloggers mention the SDK and by now you should have that downloaded. To view the sandboxed API download the SharePoint 2010 SDK here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=f0c9daf3-4c54-45ed-9bde-7b4d83a8f26f&displaylang=en

 

Search in the SharePoint Foundation 2010 SDK for ‘sandboxed’.

Sandboxed Solutions Architecture provides the following list of what is feasible inside sandboxed solutions:

The following capabilities and elements are available in sandboxed solutions:

  • List definitions

  • List instances

  • Onet.xml

  • WebTemplate Feature element instead of Webtemp.xml

  • Content Types/Fields

  • Navigation

  • Module/files

  • Feature callouts

  • Web Parts derived from WebPart

  • Event receivers

    • SPItemEventReceiver

    • SPListEventReceiver

    • SPWebEventReceiver

  • Custom Actions

  • Workflows

The following capabilities and elements are not available in sandboxed solutions:

  • Custom Action groups

  • HideCustomAction element

  • Content Type Binding

  • Web Application-scoped Features

  • Farm-scoped Features

Inside the Foundation SDK, search for ‘Namespaces and Types in Sandboxed Solutions’ to view the subset of the Microsoft.SharePoint namespace that is available.

image

I’m not quite sure that sandboxing will create the ‘explosion’ of development that Paul Stubbs is predicting.  Hopefully the above information will assist in helping you decide if sandboxing solutions is a good fit for the project you are working on.

(I personally think that monitoring solutions is going to explode.  Hope you didn’t skip over reading that!)

 
Posted on 27-Jan-10 by Andrew Clark
0 Comments  |  Trackback Url  |  Link to this post | Bookmark this post with:        
Tags: SharePoint 2010
 

Links to this post

Comments

Name:
URL:
Email:
Comments:

CAPTCHA Image Validation