Category: Sandboxed Solution

Sandboxed Solution

Restrictions in SharePoint 2010 Sandboxed Solutions – Part 2

Home | Sandboxed Solution | Restrictions in SharePoint 2010 Sandboxed Solutions – Part 2

The code inside SharePoint 2010 Sandboxed Solutions is limited by code access security policy restrictions. The code access security policy for the sandboxed solution worker process is defined in the %ProgramFiles%Common FilesMicrosoft Sharedweb server extensions14CONFIGwss_usercode.config file and it is referenced in %ProgramFiles%Common FilesMicrosoft Sharedweb server extensions14UserCode.

The following permission levels are denied by code access security policy.

No

Denied Permissions

Impact

1

DirectoryServicesPermission

2

DnsPermission

3

EnvironmentPermission

4

EventLogPermission

5

FileIoPermission

Cannot read/write to file system

6

IsolatedStorageFilePermission

7

PrintingPermission

8

ReflectionPermission

9

RegistryPermission

10

SecurityPermission

Cannot access unmanged code, Threads, App Domains etc.

11

SMTPPermission

Cannot access .NET Reflection APIS and non-public class & members in managed code

12

SqlClientPermission

13

SocketPermission

14

UIPermission

15

WebPermission

 

The following permission levels are granted by code access security policy.

No

Granted Permissions

Impact

1

SharePointPermission.ObjectModel

2

ASPnetHostingPermission=Minimal

Can execute resources, but not read/write access to resources

3

SecurityPermission.Execution

 

This completes the final part (Part 2) of the article ‘Restrictions in SharePoint 2010 Sandboxed Solutions’.

 Subscribe to my blog

Full Trust Proxies in SharePoint 2010 Sandboxed Solution – Faqs

Home | Sandboxed Solution | Full Trust Proxies in SharePoint 2010 Sandboxed Solution – Faqs
  1. What is full trust proxy in the context of SharePoint 2010 Sandboxed Solution?

    A full trust proxy is a mechanism that allows Sandboxed Solution to make a call to trusted assembly outside the Sandbox environment. The trusted assembly can be designed to make external calls (to database or web services), which Sandbox solutions cannot reach. This needed, because not all the SharePoint 2010 solutions might want to live as Sandboxed (with restrictions). In most of the cases, the assemblies inside SharePoint solutions might want to make external calls (to a database or to a web service).

     

  2. How to create a full trust proxy operation in Sandboxed Solution?

    Here are the steps required to create full trust proxy operation using Visual Studio:-    

    1. Create a farm solution , create a c# class that is derived from SPProxyOperation and override Execute method
    2. Create another c# class (in the same solution), that is derived from SPProxyOperationArgs. Pass an instance of this class to the Execute method of SPProxyOperation class.
    3. Create a Feature Receiver to register operation with SharePoint Foundation User Code Service
    4. In the Sandboxed Solution project, create a class that calls the proxy operation
    5. Deploy the Sandboxed solution

       

  3. In which process does the full trust proxy runs?

    The full trust proxy does not run in w3wp.exe, rather it runs in SPUCWorkerProcessProxy.exe.

     

  4. How to programmatically activate the full trust proxy with user code service?

    The following is the code snippet for activating full trust proxy.

     

         SPProxyOperationType proxyOperationType = new SPProxyOperationType(type.Assembly.FullName, type.FullName);

    SPUserCodeService userCodeService = SPUserCodeService.Local;

    userCodeService.ProxyOperationTypes.Add(proxyOperationType);

    userCodeService.Update();

     

  5. How to programmatically de-activate the full trust proxy with user code service?

    The following is the code snippet for de-activating full trust proxy.

 

     SPProxyOperationType proxyOperationType = new SPProxyOperationType(type.Assembly.FullName, type.FullName);


     SPUserCodeService userCodeService = SPUserCodeService.Local;


     userCodeService.ProxyOperationTypes.Remove(proxyOperationType);


     userCodeService.Update();


 Subscribe to my blog

Restrictions in SharePoint 2010 Sandboxed Solution – Part1

Home | Sandboxed Solution | Restrictions in SharePoint 2010 Sandboxed Solution – Part1

We all know that SharePoint 2010 Sandbox Solution is restricted and it has access to only the subset of functionalities available in Microsoft.SharePoint namespace. In this article, we’ll see restrictions imposed by Sandboxed solutions. Basically, the calls made by Sandboxed solution are routed through subset proxy, which in turn makes the calls to the full object model. In this case, the subset proxy brings in the restriction by exposing limited set of functionalities. Here is the list of API exposed by subset proxy.

No

Namespace

Restriction

1

Microsoft.SharePoint

All of the Microsoft.SharePoint namespace except the following

 

a)SP Site Constructor

b)SP Security Object

c)SPWorkItem and SPWorkItemCollection objects

d)SPAlertCollection.Add method

e)SPTransformUtilities Object

f)SPUserSolution and SPUserSolutionCollection objects

 

2

Microsoft.SharePoint.Utilities

All of the Microsoft.SharePoint.Utility namespace except the following :-

 

a)SPUtility.SendEmail method

b)SPUtility.GetNtFullNameandEmailFromLogon

3

Microsoft.SharePoint.WebPartsPage

All of Microsoft.SharePoint.WebPartsPage

Except the following

 

a)SPWebPartManager object

b)SPWebPartConnection object

c)WebPartZone Object

d)WebPartPage Object

e)ToolPart object

f)ToolPane Object

 

If we examine the restrictions carefully, we can infer that the capabilities of the core foundational object model is available in the Sandboxed Solutions. However the advanced capabilities like Search, BCS, Access Services and Excel Services are restricted.

Next, we’ll see what are all the SharePoint 2010 Project types supported by Sandboxed Solutions.

No

SharePoint projects supported by sandboxed solution

SharePoint projects not supported by sandboxed solution

1

Content Types / fields

2

Modules / files

Application pages

3

List definitions

Web application scoped features

4

List instances

Custom action group

5

Site definitions

HideCustomAction element

6

Web Template Features

Content type binding

7

Web parts (non-visual)

 

8

Feature Callouts

 

9

Declarative workflows

 

10

Custom actions

 

11

SPWebEventReceiver

 

12

SPListEventReceiver

 

13

SPItemEventReceiver

 

 

Here are few more restrictions. The code inside Sandboxed solution cannot perform the following operations:-

a) Cannot read/write to the file system

b) Cannot call the network

c) Cannot write to the Registry

d) Cannot call assemblies deployed out of Global Assembly Cache

The next part of the article would cover the CAS policy restrictions on Sandboxed solution

 Note:-

At this point of time, the Visual Web Parts can be created as Sandboxed Solutions with the help of Visual Studio Power Tools for SharePoint.

   

 Subscribe to my blog